From 92deacd50521cc7e32410c36c402739a0faaf5a8 Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Sat, 20 May 2017 05:11:06 +0000 Subject: [PATCH 001/126] initial commit Signed-off-by: Andrew Hsu --- pkg/docker-engine/deb/compat | 1 + pkg/docker-engine/deb/control | 30 ++++ .../deb/docker-ce.docker.default | 20 +++ pkg/docker-engine/deb/docker-ce.docker.init | 156 ++++++++++++++++++ .../deb/docker-ce.docker.upstart | 72 ++++++++ pkg/docker-engine/deb/docker-ce.postinst | 20 +++ pkg/docker-engine/deb/docs | 1 + pkg/docker-engine/deb/rules | 56 +++++++ 8 files changed, 356 insertions(+) create mode 100644 pkg/docker-engine/deb/compat create mode 100644 pkg/docker-engine/deb/control create mode 100644 pkg/docker-engine/deb/docker-ce.docker.default create mode 100644 pkg/docker-engine/deb/docker-ce.docker.init create mode 100644 pkg/docker-engine/deb/docker-ce.docker.upstart create mode 100644 pkg/docker-engine/deb/docker-ce.postinst create mode 100644 pkg/docker-engine/deb/docs create mode 100644 pkg/docker-engine/deb/rules diff --git a/pkg/docker-engine/deb/compat b/pkg/docker-engine/deb/compat new file mode 100644 index 00000000..ec635144 --- /dev/null +++ b/pkg/docker-engine/deb/compat @@ -0,0 +1 @@ +9 diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control new file mode 100644 index 00000000..45ca68f1 --- /dev/null +++ b/pkg/docker-engine/deb/control 
@@ -0,0 +1,30 @@
+Source: docker-ce
+Section: admin
+Priority: optional
+Maintainer: Docker
+Standards-Version: 3.9.6
+Homepage: https://dockerproject.org
+Vcs-Browser: https://github.com/docker/docker
+Vcs-Git: git://github.com/docker/docker.git
+
+Package: docker-ce
+Architecture: linux-any
+Depends: iptables, ${misc:Depends}, ${perl:Depends}, ${shlibs:Depends}
+Recommends: aufs-tools,
+ ca-certificates,
+ cgroupfs-mount | cgroup-lite,
+ git,
+ xz-utils,
+ ${apparmor:Recommends}
+Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine-cs
+Replaces: docker-engine
+Description: Docker: the open-source application container engine
+ Docker is an open source project to build, ship and run any application as a
+ lightweight container
+ .
+ Docker containers are both hardware-agnostic and platform-agnostic. This means
+ they can run anywhere, from your laptop to the largest EC2 compute instance and
+ everything in between - and they don't require you to use a particular
+ language, framework or packaging system. That makes them great building blocks
+ for deploying and scaling web apps, databases, and backend services without
+ depending on a particular stack or provider.
diff --git a/pkg/docker-engine/deb/docker-ce.docker.default b/pkg/docker-engine/deb/docker-ce.docker.default
new file mode 100644
index 00000000..c4e93199
--- /dev/null
+++ b/pkg/docker-engine/deb/docker-ce.docker.default
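Review bot: `Vcs-Git: git://github.com/docker/docker.git` points at the unauthenticated git:// transport, so anyone fetching the packaging source through this field gets no integrity or confidentiality protection on the wire. The https form is the safer value, `Vcs-Git: https://github.com/docker/docker.git`, and it matches the `Vcs-Browser` line above it. The field is metadata only, so this does not change the binary package itself.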
@@ -0,0 +1,20 @@
+# Docker Upstart and SysVinit configuration file
+
+#
+# THIS FILE DOES NOT APPLY TO SYSTEMD
+#
+# Please see the documentation for "systemd drop-ins":
+# https://docs.docker.com/engine/admin/systemd/
+#
+
+# Customize location of Docker binary (especially for development testing).
+#DOCKERD="/usr/local/bin/dockerd"
+
+# Use DOCKER_OPTS to modify the daemon startup options.
+#DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4"
+
+# If you need Docker to use an HTTP proxy, it can also be specified here.
+#export http_proxy="http://127.0.0.1:3128/"
+
+# This is also a handy place to tweak where Docker's temporary files go.
+#export DOCKER_TMPDIR="/mnt/bigdrive/docker-tmp"
diff --git a/pkg/docker-engine/deb/docker-ce.docker.init b/pkg/docker-engine/deb/docker-ce.docker.init
new file mode 100644
index 00000000..9c8fa6be
--- /dev/null
+++ b/pkg/docker-engine/deb/docker-ce.docker.init
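Review bot: The header of this file does not say that it is sourced as shell by root. The SysV init script in this commit runs `. /etc/default/$BASE` and the upstart job runs `. /etc/default/$UPSTART_JOB` in both its main and post-start scripts, so every line here executes with root privileges on each service action. A comment near the top would make that explicit, for example `# This file is sourced as shell by root; keep it owned by root and not group- or world-writable.`. The `DOCKER_OPTS` example would also benefit from one line noting that exposing the daemon with `-H tcp://` without TLS gives network peers root-equivalent control of the host.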
@@ -0,0 +1,156 @@ +#!/bin/sh +set -e + +### BEGIN INIT INFO +# Provides: docker +# Required-Start: $syslog $remote_fs +# Required-Stop: $syslog $remote_fs +# Should-Start: cgroupfs-mount cgroup-lite +# Should-Stop: cgroupfs-mount cgroup-lite +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Create lightweight, portable, self-sufficient containers. +# Description: +# Docker is an open-source project to easily create lightweight, portable, +# self-sufficient containers from any application. The same container that a +# developer builds and tests on a laptop can run at scale, in production, on +# VMs, bare metal, OpenStack clusters, public clouds and more. +### END INIT INFO + +export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin + +BASE=docker + +# modify these in /etc/default/$BASE (/etc/default/docker) +DOCKERD=/usr/bin/dockerd +# This is the pid file managed by docker itself +DOCKER_PIDFILE=/var/run/$BASE.pid +# This is the pid file created/managed by start-stop-daemon +DOCKER_SSD_PIDFILE=/var/run/$BASE-ssd.pid +DOCKER_LOGFILE=/var/log/$BASE.log +DOCKER_OPTS= +DOCKER_DESC="Docker" + +# Get lsb functions +. /lib/lsb/init-functions + +if [ -f /etc/default/$BASE ]; then + . /etc/default/$BASE +fi + +# Check docker is present +if [ ! -x $DOCKERD ]; then + log_failure_msg "$DOCKERD not present or not executable" + exit 1 +fi + +check_init() { + # see also init_is_upstart in /lib/lsb/init-functions (which isn't available in Ubuntu 12.04, or we'd use it directly) + if [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; then + log_failure_msg "$DOCKER_DESC is managed via upstart, try using service $BASE $1" + exit 1 + fi +} + +fail_unless_root() { + if [ "$(id -u)" != '0' ]; then + log_failure_msg "$DOCKER_DESC must be run as root" + exit 1 + fi +} + +cgroupfs_mount() { + # see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount + if grep -v '^#' /etc/fstab | grep -q cgroup \ + || [ ! 
-e /proc/cgroups ] \ + || [ ! -d /sys/fs/cgroup ]; then + return + fi + if ! mountpoint -q /sys/fs/cgroup; then + mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup + fi + ( + cd /sys/fs/cgroup + for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do + mkdir -p $sys + if ! mountpoint -q $sys; then + if ! mount -n -t cgroup -o $sys cgroup $sys; then + rmdir $sys || true + fi + fi + done + ) +} + +case "$1" in + start) + check_init + + fail_unless_root + + cgroupfs_mount + + touch "$DOCKER_LOGFILE" + chgrp docker "$DOCKER_LOGFILE" + + ulimit -n 1048576 + + # Having non-zero limits causes performance problems due to accounting overhead + # in the kernel. We recommend using cgroups to do container-local accounting. + if [ "$BASH" ]; then + ulimit -u unlimited + else + ulimit -p unlimited + fi + + log_begin_msg "Starting $DOCKER_DESC: $BASE" + start-stop-daemon --start --background \ + --no-close \ + --exec "$DOCKERD" \ + --pidfile "$DOCKER_SSD_PIDFILE" \ + --make-pidfile \ + -- \ + -p "$DOCKER_PIDFILE" \ + $DOCKER_OPTS \ + >> "$DOCKER_LOGFILE" 2>&1 + log_end_msg $? + ;; + + stop) + check_init + fail_unless_root + if [ -f "$DOCKER_SSD_PIDFILE" ]; then + log_begin_msg "Stopping $DOCKER_DESC: $BASE" + start-stop-daemon --stop --pidfile "$DOCKER_SSD_PIDFILE" --retry 10 + log_end_msg $? + else + log_warning_msg "Docker already stopped - file $DOCKER_SSD_PIDFILE not found." + fi + ;; + + restart) + check_init + fail_unless_root + docker_pid=`cat "$DOCKER_SSD_PIDFILE" 2>/dev/null` + [ -n "$docker_pid" ] \ + && ps -p $docker_pid > /dev/null 2>&1 \ + && $0 stop + $0 start + ;; + + force-reload) + check_init + fail_unless_root + $0 restart + ;; + + status) + check_init + status_of_proc -p "$DOCKER_SSD_PIDFILE" "$DOCKERD" "$DOCKER_DESC" + ;; + + *) + echo "Usage: service docker {start|stop|restart|status}" + exit 1 + ;; +esac 
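Review bot: The stop branch calls `start-stop-daemon --stop --pidfile "$DOCKER_SSD_PIDFILE" --retry 10` with the pidfile as its only match, and the restart branch decides with `ps -p $docker_pid`, so a stale pidfile whose PID has been reused would make this script signal a process that is not dockerd. Adding an executable or name match narrows that, e.g. `start-stop-daemon --stop --pidfile "$DOCKER_SSD_PIDFILE" --exec "$DOCKERD" --retry 10` (or `--name dockerd` if the binary may be replaced while the daemon is running). Separately, `$DOCKERD` can be overridden by the sourced /etc/default file and is unquoted in `[ ! -x $DOCKERD ]`, and `$docker_pid` is unquoted in the `ps` call; both should be quoted. The usage line also omits `force-reload`, which the case statement accepts.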
diff --git a/pkg/docker-engine/deb/docker-ce.docker.upstart b/pkg/docker-engine/deb/docker-ce.docker.upstart
new file mode 100644
index 00000000..d58f7d6a
--- /dev/null
+++ b/pkg/docker-engine/deb/docker-ce.docker.upstart
@@ -0,0 +1,72 @@
+description "Docker daemon"
+
+start on (filesystem and net-device-up IFACE!=lo)
+stop on runlevel [!2345]
+
+limit nofile 524288 1048576
+
+# Having non-zero limits causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+limit nproc unlimited unlimited
+
+respawn
+
+kill timeout 20
+
+pre-start script
+ # see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
+ if grep -v '^#' /etc/fstab | grep -q cgroup \
+ || [ ! -e /proc/cgroups ] \
+ || [ ! -d /sys/fs/cgroup ]; then
+ exit 0
+ fi
+ if ! mountpoint -q /sys/fs/cgroup; then
+ mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+ fi
+ (
+ cd /sys/fs/cgroup
+ for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+ mkdir -p $sys
+ if ! mountpoint -q $sys; then
+ if ! mount -n -t cgroup -o $sys cgroup $sys; then
+ rmdir $sys || true
+ fi
+ fi
+ done
+ )
+end script
+
+script
+ # modify these in /etc/default/$UPSTART_JOB (/etc/default/docker)
+ DOCKERD=/usr/bin/dockerd
+ DOCKER_OPTS=
+ if [ -f /etc/default/$UPSTART_JOB ]; then
+ . /etc/default/$UPSTART_JOB
+ fi
+ exec "$DOCKERD" $DOCKER_OPTS --raw-logs
+end script
+
+# Don't emit "started" event until docker.sock is ready.
+# See https://github.com/docker/docker/issues/6647
+post-start script
+ DOCKER_OPTS=
+ DOCKER_SOCKET=
+ if [ -f /etc/default/$UPSTART_JOB ]; then
+ . /etc/default/$UPSTART_JOB
+ fi
+
+ if ! printf "%s" "$DOCKER_OPTS" | grep -qE -e '-H|--host'; then
+ DOCKER_SOCKET=/var/run/docker.sock
+ else
+ DOCKER_SOCKET=$(printf "%s" "$DOCKER_OPTS" | grep -oP -e '(-H|--host)\W*unix://\K(\S+)' | sed 1q)
+ fi
+
+ if [ -n "$DOCKER_SOCKET" ]; then
+ while ! [ -e "$DOCKER_SOCKET" ]; do
+ initctl status $UPSTART_JOB | grep -qE "(stop|respawn)/" && exit 1
+ echo "Waiting for $DOCKER_SOCKET"
+ sleep 0.1
+ done
+ echo "$DOCKER_SOCKET is up"
+ fi
+end script
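Review bot: The post-start loop prints `Waiting for $DOCKER_SOCKET` on every 0.1 s iteration and has no bound of its own. A daemon that never creates the expected socket (for example when it listens on a path the `DOCKER_OPTS` parsing did not pick up) would keep the job in post-start and write about ten lines per second to the job's output. Printing the message once before the loop removes that growth; whether to add an iteration limit depends on how long a legitimate start may take. `$UPSTART_JOB` is unquoted in `initctl status $UPSTART_JOB` and in the `/etc/default/$UPSTART_JOB` tests. The pre-start cgroup block duplicates `cgroupfs_mount()` from the init script in this commit, so a comment saying the two must stay in sync would help.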
diff --git a/pkg/docker-engine/deb/docker-ce.postinst b/pkg/docker-engine/deb/docker-ce.postinst
new file mode 100644
index 00000000..eeef6ca8
--- /dev/null
+++ b/pkg/docker-engine/deb/docker-ce.postinst
@@ -0,0 +1,20 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+ configure)
+ if [ -z "$2" ]; then
+ if ! getent group docker > /dev/null; then
+ groupadd --system docker
+ fi
+ fi
+ ;;
+ abort-*)
+ # How'd we get here??
+ exit 1
+ ;;
+ *)
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/pkg/docker-engine/deb/docs b/pkg/docker-engine/deb/docs
new file mode 100644
index 00000000..073f189a
--- /dev/null
+++ b/pkg/docker-engine/deb/docs
@@ -0,0 +1 @@
+engine/README.md
diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules
new file mode 100644
index 00000000..d098e3a8
--- /dev/null
+++ b/pkg/docker-engine/deb/rules
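Review bot: The `docker` group is only created when `$2` is empty, so a `configure` run that is an upgrade never creates it. The init script in this commit runs `chgrp docker "$DOCKER_LOGFILE"` under `set -e` and would abort `start` if the group is absent. The `getent` test already makes creation idempotent, so the outer `if [ -z "$2" ]` can be dropped and the inner check run on every `configure`. A comment above `groupadd --system docker` should also record that members of this group can control the daemon and are therefore effectively root on the host, so packaging must never add users to it automatically.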
@@ -0,0 +1,56 @@ +#!/usr/bin/make -f + +VERSION ?= $(shell cat engine/VERSION) +BUNDLE_VERSION = $(shell cat engine/VERSION) +SYSTEMD_VERSION := $(shell dpkg-query -W -f='$${Version}\n' systemd | cut -d- -f1) +SYSTEMD_GT_227 := $(shell [ '$(SYSTEMD_VERSION)' ] && [ '$(SYSTEMD_VERSION)' -gt 227 ] && echo true ) + +override_dh_gencontrol: + # if we're on Ubuntu, we need to Recommends: apparmor + echo 'apparmor:Recommends=$(shell dpkg-vendor --is Ubuntu && echo apparmor)' >> debian/docker-ce.substvars + dh_gencontrol + +override_dh_auto_build: + cd engine && ./hack/make.sh dynbinary + cd cli && LDFLAGS="" make VERSION=$(VERSION) dynbinary + # ./man/md2man-all.sh runs outside the build container (if at all), since we don't have go-md2man here + +override_dh_auto_test: + ./engine/bundles/$(BUNDLE_VERSION)/dynbinary-daemon/dockerd -v + +override_dh_strip: + # Go has lots of problems with stripping, so just don't + +override_dh_auto_install: + mkdir -p debian/docker-ce/usr/bin + cp -aTL cli/build/docker debian/docker-ce/usr/bin/docker + cp -aT "$$(readlink -f engine/bundles/$(BUNDLE_VERSION)/dynbinary-daemon/dockerd)" debian/docker-ce/usr/bin/dockerd + cp -aT /usr/local/bin/docker-proxy debian/docker-ce/usr/bin/docker-proxy + cp -aT /usr/local/bin/docker-containerd debian/docker-ce/usr/bin/docker-containerd + cp -aT /usr/local/bin/docker-containerd-shim debian/docker-ce/usr/bin/docker-containerd-shim + cp -aT /usr/local/bin/docker-containerd-ctr debian/docker-ce/usr/bin/docker-containerd-ctr + cp -aT /usr/local/bin/docker-runc debian/docker-ce/usr/bin/docker-runc + cp -aT /usr/local/bin/docker-init debian/docker-ce/usr/bin/docker-init + mkdir -p debian/docker-ce/usr/lib/docker + +override_dh_installinit: + # use "docker" as our service name, not "docker-ce" + dh_installinit --name=docker +ifeq (true, $(SYSTEMD_GT_227)) + $(warning "Setting TasksMax=infinity") + sed -i -- 's/#TasksMax=infinity/TasksMax=infinity/' debian/docker-ce/lib/systemd/system/docker.service +endif + 
+override_dh_installudev: + # match our existing priority + dh_installudev --priority=z80 + +override_dh_install: + dh_install + dh_apparmor --profile-name=docker-ce -pdocker-ce + +override_dh_shlibdeps: + dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info + +%: + dh $@ --with=bash-completion $(shell command -v dh_systemd_enable > /dev/null 2>&1 && echo --with=systemd) From 3e3c112a3d3b083644f951e2208816761aeae468 Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Thu, 25 May 2017 05:57:29 +0000 Subject: [PATCH 002/126] pass in git commit override when building deb Signed-off-by: Andrew Hsu --- pkg/docker-engine/deb/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index d098e3a8..74f4b7c8 100644 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules @@ -12,7 +12,7 @@ override_dh_gencontrol: override_dh_auto_build: cd engine && ./hack/make.sh dynbinary - cd cli && LDFLAGS="" make VERSION=$(VERSION) dynbinary + cd cli && LDFLAGS='' make VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary # ./man/md2man-all.sh runs outside the build container (if at all), since we don't have go-md2man here override_dh_auto_test: From 2b9e0d4eb3a80158d4a9910f89d953905e5c98b4 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Fri, 26 May 2017 15:10:27 -0500 Subject: [PATCH 003/126] Add armhf dockerfiles for deb building (#4) Add armhf dockerfiles for deb building Signed-off-by: Eli Uriegas --- pkg/docker-engine/deb/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 74f4b7c8..9a9ed979 100644 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules 
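Review bot: `override_dh_auto_install` copies `docker-proxy`, `docker-containerd`, `docker-containerd-shim`, `docker-containerd-ctr`, `docker-runc` and `docker-init` straight from `/usr/local/bin` of whatever machine runs the build, and nothing in this file pins or checks which versions those are. The shipped package therefore depends on ambient build-host state; a comment naming the build step expected to populate `/usr/local/bin`, plus a step that records or verifies the expected version or checksum of each binary before the `cp`, would make the provenance auditable. `SYSTEMD_VERSION` is likewise read with `dpkg-query` on the build host, so the `TasksMax=infinity` edit reflects the builder's systemd rather than the target's, and a non-numeric version string would make the `-gt 227` test error out and leave `SYSTEMD_GT_227` empty. `override_dh_auto_test` only runs `dockerd -v`, which confirms the binary executes and nothing more.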
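Review bot: `GITCOMMIT=$(DOCKER_GITCOMMIT)` is expanded by make into the recipe line without quotes, and `DOCKER_GITCOMMIT` has no default in the part of `rules` shown in this series. An unset value passes an empty `GITCOMMIT=` to the cli build, and a value containing shell metacharacters would be interpreted by the recipe shell. Quoting both assignments, `VERSION='$(VERSION)' GITCOMMIT='$(DOCKER_GITCOMMIT)'`, and failing early when `DOCKER_GITCOMMIT` is empty would keep the recorded commit trustworthy. The same line is carried through the later patches that touch this target.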
@@ -12,7 +12,7 @@ override_dh_gencontrol: override_dh_auto_build: cd engine && ./hack/make.sh dynbinary - cd cli && LDFLAGS='' make VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary + LDFLAGS='' make -C cli VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary # ./man/md2man-all.sh runs outside the build container (if at all), since we don't have go-md2man here override_dh_auto_test: From d131f60da7cae3899060046ec0817e6b9e9e0e05 Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Tue, 6 Jun 2017 08:39:39 +0000 Subject: [PATCH 004/126] generate man pages Signed-off-by: Andrew Hsu --- pkg/docker-engine/deb/rules | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 9a9ed979..3d16fc47 100644 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules @@ -12,8 +12,7 @@ override_dh_gencontrol: override_dh_auto_build: cd engine && ./hack/make.sh dynbinary - LDFLAGS='' make -C cli VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary - # ./man/md2man-all.sh runs outside the build container (if at all), since we don't have go-md2man here + LDFLAGS='' make -C cli VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages override_dh_auto_test: ./engine/bundles/$(BUNDLE_VERSION)/dynbinary-daemon/dockerd -v From 205e00ec1abc41ff2d9d9c915ef5cec6f356211c Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Tue, 6 Jun 2017 11:32:27 -0700 Subject: [PATCH 005/126] Add initial systemd scripts Signed-off-by: Eli Uriegas --- .../common/systemd/docker.service | 34 +++++++++++++++++++ .../common/systemd/docker.service.rpm | 33 ++++++++++++++++++ .../common/systemd/docker.socket | 12 +++++++ 3 files changed, 79 insertions(+) create mode 100644 pkg/docker-engine/common/systemd/docker.service create mode 100644 pkg/docker-engine/common/systemd/docker.service.rpm create mode 100644 pkg/docker-engine/common/systemd/docker.socket 
diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service
new file mode 100644
index 00000000..51746317
--- /dev/null
+++ b/pkg/docker-engine/common/systemd/docker.service
@@ -0,0 +1,34 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=https://docs.docker.com
+After=network-online.target docker.socket firewalld.service
+Wants=network-online.target
+Requires=docker.socket
+
+[Service]
+Type=notify
+# the default is not to use systemd for cgroups because the delegate issues still
+# exists and systemd currently does not support the cgroup feature set required
+# for containers run by docker
+ExecStart=/usr/bin/dockerd -H fd://
+ExecReload=/bin/kill -s HUP $MAINPID
+LimitNOFILE=1048576
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNPROC=infinity
+LimitCORE=infinity
+# Uncomment TasksMax if your systemd version supports it.
+# Only systemd 226 and above support this version.
+#TasksMax=infinity
+TimeoutStartSec=0
+# set delegate yes so that systemd does not reset the cgroups of docker containers
+Delegate=yes
+# kill only the docker process, not all processes in the cgroup
+KillMode=process
+# restart the docker process if it exits prematurely
+Restart=on-failure
+StartLimitBurst=3
+StartLimitInterval=60s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/docker-engine/common/systemd/docker.service.rpm b/pkg/docker-engine/common/systemd/docker.service.rpm
new file mode 100644
index 00000000..6c60646b
--- /dev/null
+++ b/pkg/docker-engine/common/systemd/docker.service.rpm
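Review bot: The TasksMax comment says `Only systemd 226 and above support this version`, while the deb `rules` file earlier in this series un-comments the same `#TasksMax=infinity` line only when the build host's systemd is greater than 227 (`SYSTEMD_GT_227`). "This version" presumably means "this option", and the comment and the packaging check should state the same threshold. `LimitCORE=infinity` sits under a comment that only gives the accounting-overhead reason for the limits, so it deserves its own line noting that unlimited core dumps from a root daemon can write daemon memory to disk and that operators may want to lower it. `TimeoutStartSec=0` disables the start timeout and has no comment explaining why.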
@@ -0,0 +1,33 @@ +[Unit] +Description=Docker Application Container Engine +Documentation=https://docs.docker.com +After=network-online.target firewalld.service +Wants=network-online.target + +[Service] +Type=notify +# the default is not to use systemd for cgroups because the delegate issues still +# exists and systemd currently does not support the cgroup feature set required +# for containers run by docker +ExecStart=/usr/bin/dockerd +ExecReload=/bin/kill -s HUP $MAINPID +# Having non-zero Limit*s causes performance problems due to accounting overhead +# in the kernel. We recommend using cgroups to do container-local accounting. +LimitNOFILE=infinity +LimitNPROC=infinity +LimitCORE=infinity +# Uncomment TasksMax if your systemd version supports it. +# Only systemd 226 and above support this version. +#TasksMax=infinity +TimeoutStartSec=0 +# set delegate yes so that systemd does not reset the cgroups of docker containers +Delegate=yes +# kill only the docker process, not all processes in the cgroup +KillMode=process +# restart the docker process if it exits prematurely +Restart=on-failure +StartLimitBurst=3 +StartLimitInterval=60s + +[Install] +WantedBy=multi-user.target diff --git a/pkg/docker-engine/common/systemd/docker.socket b/pkg/docker-engine/common/systemd/docker.socket new file mode 100644 index 00000000..7dd95098 --- /dev/null +++ b/pkg/docker-engine/common/systemd/docker.socket @@ -0,0 +1,12 @@ +[Unit] +Description=Docker Socket for the API +PartOf=docker.service + +[Socket] +ListenStream=/var/run/docker.sock +SocketMode=0660 +SocketUser=root +SocketGroup=docker + +[Install] +WantedBy=sockets.target From e49e5895e9e16139486a15e88c4b80517ca57bff Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Tue, 6 Jun 2017 14:27:41 -0700 Subject: [PATCH 006/126] Use internal systemd scripts for RPM packaging 
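Review bot: This variant sets `LimitNOFILE=infinity` where `docker.service` in the same commit uses `LimitNOFILE=1048576`. It also drops `Requires=docker.socket` and `-H fd://`, so the daemon creates its own socket instead of inheriting the one whose owner and mode `docker.socket` fixes. Neither difference is explained; a header comment stating why the RPM unit does not use socket activation, and aligning the file-descriptor limit or noting why it differs, would keep the two units from drifting silently.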
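Review bot: `SocketGroup=docker` with `SocketMode=0660` gives every member of the `docker` group full access to the daemon API, and nothing in the unit says so. A comment above those lines, such as `# members of the docker group can control the daemon, which is equivalent to root on the host`, would put the trust decision where administrators edit the socket.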
Signed-off-by: Eli Uriegas --- .../common/systemd/docker.service.rpm | 33 ------------------- 1 file changed, 33 deletions(-) delete mode 100644 pkg/docker-engine/common/systemd/docker.service.rpm diff --git a/pkg/docker-engine/common/systemd/docker.service.rpm b/pkg/docker-engine/common/systemd/docker.service.rpm deleted file mode 100644 index 6c60646b..00000000 --- a/pkg/docker-engine/common/systemd/docker.service.rpm +++ /dev/null @@ -1,33 +0,0 @@ -[Unit] -Description=Docker Application Container Engine -Documentation=https://docs.docker.com -After=network-online.target firewalld.service -Wants=network-online.target - -[Service] -Type=notify -# the default is not to use systemd for cgroups because the delegate issues still -# exists and systemd currently does not support the cgroup feature set required -# for containers run by docker -ExecStart=/usr/bin/dockerd -ExecReload=/bin/kill -s HUP $MAINPID -# Having non-zero Limit*s causes performance problems due to accounting overhead -# in the kernel. We recommend using cgroups to do container-local accounting. -LimitNOFILE=infinity -LimitNPROC=infinity -LimitCORE=infinity -# Uncomment TasksMax if your systemd version supports it. -# Only systemd 226 and above support this version. -#TasksMax=infinity -TimeoutStartSec=0 -# set delegate yes so that systemd does not reset the cgroups of docker containers -Delegate=yes -# kill only the docker process, not all processes in the cgroup -KillMode=process -# restart the docker process if it exits prematurely -Restart=on-failure -StartLimitBurst=3 -StartLimitInterval=60s - -[Install] -WantedBy=multi-user.target From e829ca2be020676d22e2da9e2146f4d1a1b1da83 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Tue, 6 Jun 2017 14:56:39 -0700 Subject: [PATCH 007/126] Use internal systemd scripts for DEB packaging 
Signed-off-by: Eli Uriegas --- .../common/systemd/docker.service | 34 ------------------- .../common/systemd/docker.socket | 12 ------- 2 files changed, 46 deletions(-) delete mode 100644 pkg/docker-engine/common/systemd/docker.service delete mode 100644 pkg/docker-engine/common/systemd/docker.socket diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service deleted file mode 100644 index 51746317..00000000 --- a/pkg/docker-engine/common/systemd/docker.service +++ /dev/null @@ -1,34 +0,0 @@ -[Unit] -Description=Docker Application Container Engine -Documentation=https://docs.docker.com -After=network-online.target docker.socket firewalld.service -Wants=network-online.target -Requires=docker.socket - -[Service] -Type=notify -# the default is not to use systemd for cgroups because the delegate issues still -# exists and systemd currently does not support the cgroup feature set required -# for containers run by docker -ExecStart=/usr/bin/dockerd -H fd:// -ExecReload=/bin/kill -s HUP $MAINPID -LimitNOFILE=1048576 -# Having non-zero Limit*s causes performance problems due to accounting overhead -# in the kernel. We recommend using cgroups to do container-local accounting. -LimitNPROC=infinity -LimitCORE=infinity -# Uncomment TasksMax if your systemd version supports it. -# Only systemd 226 and above support this version. -#TasksMax=infinity -TimeoutStartSec=0 -# set delegate yes so that systemd does not reset the cgroups of docker containers -Delegate=yes -# kill only the docker process, not all processes in the cgroup -KillMode=process -# restart the docker process if it exits prematurely -Restart=on-failure -StartLimitBurst=3 -StartLimitInterval=60s - -[Install] -WantedBy=multi-user.target diff --git a/pkg/docker-engine/common/systemd/docker.socket b/pkg/docker-engine/common/systemd/docker.socket deleted file mode 100644 index 7dd95098..00000000 --- a/pkg/docker-engine/common/systemd/docker.socket +++ /dev/null 
@@ -1,12 +0,0 @@ -[Unit] -Description=Docker Socket for the API -PartOf=docker.service - -[Socket] -ListenStream=/var/run/docker.sock -SocketMode=0660 -SocketUser=root -SocketGroup=docker - -[Install] -WantedBy=sockets.target From c5e4d2ebcf41eccee527f6add21feb22283effab Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Sun, 18 Jun 2017 15:24:56 -0700 Subject: [PATCH 008/126] Add conflicts with docker-ee Signed-off-by: Brian Goff --- pkg/docker-engine/deb/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index 45ca68f1..ce6a86f4 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -16,7 +16,7 @@ Recommends: aufs-tools, git, xz-utils, ${apparmor:Recommends} -Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine-cs +Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine-cs, docker-ee Replaces: docker-engine Description: Docker: the open-source application container engine Docker is an open source project to build, ship and run any application as a From bb606ad2edea2d7c5a6460520a60301c46545bd3 Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Tue, 20 Jun 2017 03:55:08 +0000 Subject: [PATCH 009/126] also have deb pkg conflict docker-engine Signed-off-by: Andrew Hsu --- pkg/docker-engine/deb/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index ce6a86f4..a3285cd0 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control 
@@ -16,7 +16,7 @@ Recommends: aufs-tools, git, xz-utils, ${apparmor:Recommends} -Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine-cs, docker-ee +Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs, docker-ee Replaces: docker-engine Description: Docker: the open-source application container engine Docker is an open source project to build, ship and run any application as a From 8d87fc8c2f69b342f171a7d92f7cd2e025f5bdf0 Mon Sep 17 00:00:00 2001 From: Roberto Gandolfo Hashioka Date: Wed, 24 May 2017 08:33:49 -0700 Subject: [PATCH 010/126] Added the metrics plugin to the RPM/DEB packages - centos - fedora - ubuntu - debian Signed-off-by: Roberto Gandolfo Hashioka --- pkg/docker-engine/deb/docker-ce.docker.init | 4 +++- pkg/docker-engine/deb/docker-ce.docker.upstart | 2 ++ pkg/docker-engine/deb/rules | 6 ++++++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/pkg/docker-engine/deb/docker-ce.docker.init b/pkg/docker-engine/deb/docker-ce.docker.init index 9c8fa6be..53657ff4 100644 --- a/pkg/docker-engine/deb/docker-ce.docker.init +++ b/pkg/docker-engine/deb/docker-ce.docker.init @@ -85,7 +85,7 @@ cgroupfs_mount() { case "$1" in start) check_init - + fail_unless_root cgroupfs_mount @@ -114,6 +114,8 @@ case "$1" in $DOCKER_OPTS \ >> "$DOCKER_LOGFILE" 2>&1 log_end_msg $? + # load metrics plugin (disabled by default) + /usr/bin/load-telemetry-plugin ;; stop) diff --git a/pkg/docker-engine/deb/docker-ce.docker.upstart b/pkg/docker-engine/deb/docker-ce.docker.upstart index d58f7d6a..de6a65fd 100644 --- a/pkg/docker-engine/deb/docker-ce.docker.upstart +++ b/pkg/docker-engine/deb/docker-ce.docker.upstart @@ -69,4 +69,6 @@ post-start script done echo "$DOCKER_SOCKET is up" fi + # load metrics plugin (disabled by default) + /usr/bin/load-telemetry-plugin end script diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 3d16fc47..3b61d097 100644 
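Review bot: `/usr/bin/load-telemetry-plugin` is called unconditionally on `start`, although the comment above it says the plugin is disabled by default. The script runs under `set -e`, so a missing or failing helper makes `start` exit non-zero after the daemon has already been launched, and `start-stop-daemon --start --background` returns before dockerd is necessarily accepting connections, so the helper may also run too early. Guarding the call, `if [ -x /usr/bin/load-telemetry-plugin ]; then /usr/bin/load-telemetry-plugin || log_warning_msg "telemetry plugin not loaded"; fi`, and stating in the comment where the opt-in is enforced would address both. The upstart post-start hunk in this commit adds the same unguarded call. Both enclosing blocks start outside their hunks.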
--- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules @@ -11,6 +11,8 @@ override_dh_gencontrol: dh_gencontrol override_dh_auto_build: + # create metrics plugin metadata + printf '{"edition_type":"ce","edition_name":"%s","edition_version":"%s"}\n' "$(DISTRO)" "$(VERSION)" > /plugin/.plugin-metadata cd engine && ./hack/make.sh dynbinary LDFLAGS='' make -C cli VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages @@ -31,6 +33,10 @@ override_dh_auto_install: cp -aT /usr/local/bin/docker-runc debian/docker-ce/usr/bin/docker-runc cp -aT /usr/local/bin/docker-init debian/docker-ce/usr/bin/docker-init mkdir -p debian/docker-ce/usr/lib/docker + mkdir -p debian/docker-ce/var/lib/docker/plugins/tar + cp -aTL /plugin/telemetry_$(PLUGIN_VERSION).tgz debian/docker-ce/var/lib/docker/plugins/tar/telemetry_$(PLUGIN_VERSION).tgz + cp -aTL /plugin/.plugin-metadata debian/docker-ce/var/lib/docker/plugins/tar/.plugin-metadata + cp -aTL /root/build-deb/common/load-telemetry-plugin debian/docker-ce/usr/bin/load-telemetry-plugin override_dh_installinit: # use "docker" as our service name, not "docker-ce" From 5960270862ce5ea7a41fbf83a3ba2d40973c4944 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Thu, 20 Jul 2017 17:11:04 -0700 Subject: [PATCH 011/126] Have docker cli be compiled in GOPATH manpage generation was failing for docker cli when being run under aarch64: https://ci.qa.aws.dckr.io/job/docker/job/release-packaging/view/change-requests/job/PR-41/5/execution/node/360/log/ The way to remedy this is to compile the cli and the manpages while in the GOPATH so that dependencies found in the vendor folder are discovered by the go build tools. Signed-off-by: Eli Uriegas --- pkg/docker-engine/deb/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 3d16fc47..2f3cee28 100644 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules 
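Review bot: The new recipe lines read `/plugin/telemetry_$(PLUGIN_VERSION).tgz` and `/root/build-deb/common/load-telemetry-plugin` from absolute paths outside the source tree and ship them in the package with no integrity check. The tarball lands in `/var/lib/docker/plugins/tar`, presumably for the helper to load into the daemon. Verifying the tarball against a pinned digest before the `cp`, for example `echo "<EXPECTED_SHA256>  /plugin/telemetry_$(PLUGIN_VERSION).tgz" | sha256sum -c -`, would tie the shipped plugin to a known artifact. `DISTRO` and `PLUGIN_VERSION` are not defined in the visible part of `rules`, so an unset `PLUGIN_VERSION` resolves to `telemetry_.tgz`. The `printf` in `override_dh_auto_build` also writes both values into JSON unescaped, and to `/plugin/.plugin-metadata`, again outside the build directory.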
@@ -12,7 +12,7 @@ override_dh_gencontrol: override_dh_auto_build: cd engine && ./hack/make.sh dynbinary - LDFLAGS='' make -C cli VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages + LDFLAGS='' make -C /go/src/github.com/docker/cli VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages override_dh_auto_test: ./engine/bundles/$(BUNDLE_VERSION)/dynbinary-daemon/dockerd -v From 1f93d8caf3e323b31b9f7497c5ac21d1fe1bc075 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Fri, 21 Jul 2017 10:44:34 -0700 Subject: [PATCH 012/126] Change make -C to a cd command Tried out make -C in this scenario and it did not seem to function correctly, changed to cd. Signed-off-by: Eli Uriegas --- pkg/docker-engine/deb/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 2f3cee28..e2962bb7 100644 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules @@ -12,7 +12,7 @@ override_dh_gencontrol: override_dh_auto_build: cd engine && ./hack/make.sh dynbinary - LDFLAGS='' make -C /go/src/github.com/docker/cli VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages + cd /go/src/github.com/docker/cli && LDFLAGS='' make VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages override_dh_auto_test: ./engine/bundles/$(BUNDLE_VERSION)/dynbinary-daemon/dockerd -v From e1ed09ac4c3af29df762d987d614653799766ccd Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Mon, 24 Jul 2017 15:52:49 -0700 Subject: [PATCH 013/126] Revert "Added the metrics plugin to the RPM/DEB packages" This reverts commit 8d87fc8c2f69b342f171a7d92f7cd2e025f5bdf0. Signed-off-by: Eli Uriegas --- pkg/docker-engine/deb/docker-ce.docker.init | 4 +--- pkg/docker-engine/deb/docker-ce.docker.upstart | 2 -- pkg/docker-engine/deb/rules | 6 ------ 3 files changed, 1 insertion(+), 11 deletions(-) 
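Review bot: The cli is now built in `/go/src/github.com/docker/cli`, while `override_dh_auto_install` elsewhere in this file still installs `cli/build/docker` relative to the package build directory. The packaged client is therefore only the one just built if `cli` resolves to that same GOPATH checkout. Nothing in the hunk states or checks that; a comment on the recipe line, or one variable used for both the build and the install path, would rule out shipping a stale or different binary. The follow-up patch that replaces `make -C` with `cd … &&` keeps the same absolute path, and the rest of `rules` is outside this hunk.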
diff --git a/pkg/docker-engine/deb/docker-ce.docker.init b/pkg/docker-engine/deb/docker-ce.docker.init index 53657ff4..9c8fa6be 100644 --- a/pkg/docker-engine/deb/docker-ce.docker.init +++ b/pkg/docker-engine/deb/docker-ce.docker.init @@ -85,7 +85,7 @@ cgroupfs_mount() { case "$1" in start) check_init - + fail_unless_root cgroupfs_mount @@ -114,8 +114,6 @@ case "$1" in $DOCKER_OPTS \ >> "$DOCKER_LOGFILE" 2>&1 log_end_msg $? - # load metrics plugin (disabled by default) - /usr/bin/load-telemetry-plugin ;; stop) diff --git a/pkg/docker-engine/deb/docker-ce.docker.upstart b/pkg/docker-engine/deb/docker-ce.docker.upstart index de6a65fd..d58f7d6a 100644 --- a/pkg/docker-engine/deb/docker-ce.docker.upstart +++ b/pkg/docker-engine/deb/docker-ce.docker.upstart @@ -69,6 +69,4 @@ post-start script done echo "$DOCKER_SOCKET is up" fi - # load metrics plugin (disabled by default) - /usr/bin/load-telemetry-plugin end script diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 4d5124e6..e2962bb7 100644 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules @@ -11,8 +11,6 @@ override_dh_gencontrol: dh_gencontrol override_dh_auto_build: - # create metrics plugin metadata - printf '{"edition_type":"ce","edition_name":"%s","edition_version":"%s"}\n' "$(DISTRO)" "$(VERSION)" > /plugin/.plugin-metadata cd engine && ./hack/make.sh dynbinary cd /go/src/github.com/docker/cli && LDFLAGS='' make VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages 
@@ -33,10 +31,6 @@ override_dh_auto_install: cp -aT /usr/local/bin/docker-runc debian/docker-ce/usr/bin/docker-runc cp -aT /usr/local/bin/docker-init debian/docker-ce/usr/bin/docker-init mkdir -p debian/docker-ce/usr/lib/docker - mkdir -p debian/docker-ce/var/lib/docker/plugins/tar - cp -aTL /plugin/telemetry_$(PLUGIN_VERSION).tgz debian/docker-ce/var/lib/docker/plugins/tar/telemetry_$(PLUGIN_VERSION).tgz - cp -aTL /plugin/.plugin-metadata debian/docker-ce/var/lib/docker/plugins/tar/.plugin-metadata - cp -aTL /root/build-deb/common/load-telemetry-plugin debian/docker-ce/usr/bin/load-telemetry-plugin override_dh_installinit: # use "docker" as our service name, not "docker-ce" From e4963871fcca0a07c15dcac0ef84e647476c150a Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Fri, 1 Sep 2017 12:22:33 -0700 Subject: [PATCH 014/126] Removes engine VERSION dependency Signed-off-by: Eli Uriegas --- pkg/docker-engine/deb/rules | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index e2962bb7..14d91c3b 100644 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules @@ -1,7 +1,6 @@ #!/usr/bin/make -f VERSION ?= $(shell cat engine/VERSION) -BUNDLE_VERSION = $(shell cat engine/VERSION) SYSTEMD_VERSION := $(shell dpkg-query -W -f='$${Version}\n' systemd | cut -d- -f1) SYSTEMD_GT_227 := $(shell [ '$(SYSTEMD_VERSION)' ] && [ '$(SYSTEMD_VERSION)' -gt 227 ] && echo true ) @@ -15,7 +14,7 @@ override_dh_auto_build: cd /go/src/github.com/docker/cli && LDFLAGS='' make VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages override_dh_auto_test: - ./engine/bundles/$(BUNDLE_VERSION)/dynbinary-daemon/dockerd -v + ./engine/bundles/dynbinary-daemon/dockerd -v override_dh_strip: # Go has lots of problems with stripping, so just don't 
@@ -23,7 +22,7 @@ override_dh_strip: override_dh_auto_install: mkdir -p debian/docker-ce/usr/bin cp -aTL cli/build/docker debian/docker-ce/usr/bin/docker - cp -aT "$$(readlink -f engine/bundles/$(BUNDLE_VERSION)/dynbinary-daemon/dockerd)" debian/docker-ce/usr/bin/dockerd + cp -aT "$$(readlink -f engine/bundles/dynbinary-daemon/dockerd)" debian/docker-ce/usr/bin/dockerd cp -aT /usr/local/bin/docker-proxy debian/docker-ce/usr/bin/docker-proxy cp -aT /usr/local/bin/docker-containerd debian/docker-ce/usr/bin/docker-containerd cp -aT /usr/local/bin/docker-containerd-shim debian/docker-ce/usr/bin/docker-containerd-shim From f01acd17f938503a41483f862d8792dc65ba6c29 Mon Sep 17 00:00:00 2001 From: Sargun Dhillon Date: Thu, 18 Jan 2018 15:51:57 -0800 Subject: [PATCH 015/126] Add pigz to recommended packages This change is in response to https://github.com/moby/moby/pull/35697 It adds pigz to the recommended binaries that should be installed with docker-ce. Signed-off-by: Sargun Dhillon --- pkg/docker-engine/deb/control | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index a3285cd0..a12448f1 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -14,6 +14,7 @@ Recommends: aufs-tools, ca-certificates, cgroupfs-mount | cgroup-lite, git, + pigz, xz-utils, ${apparmor:Recommends} Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs, docker-ee From 48e12c82dd09b9d16d3f77c244a495bde51c5cc5 Mon Sep 17 00:00:00 2001 
From: Kir Kolyshkin Date: Thu, 18 Jan 2018 22:26:05 -0800 Subject: [PATCH 016/126] deb/common/rules: fix uncommenting TasksMax Since systemd version 228, a new setting, `TasksMax`, has appeared, which limits the number of tasks used by a service (via pids cgroup controller). Unfortunately, a default for this setting, `DefaultTaskMax`, is set to 512. In systemd version 231 it is changed to 15% which practically is 4195, as the value from /proc/sys/kernel/pid_max is treated like 100%). Either 512 or 4195 is severily limited value for Docker Engine, as it can run thousands of containers with thousands of tasks in each, and the number of tasks limit should be set on a per-container basis by the Docker user. So, the most reasonable setting for `TasksMax` is `unlimited`. Unfortunately, older versions of systemd warn about unknown `TasksMax` parameter in `docker.service` file, and the warning is rather annoying, therefore this setting is commented out by default, and is supposed to be uncommented by the user. The problem with that is, once the limit is hit, all sorts of bad things happen and it's not really clear even to an advanced user that this setting is the source of issues. Now, `rules` file already contain a hack to check for the systemd version (during build time) and in case the version is greater than 227, uncomment the `TasksMax=unlimited` line. Alas, it does not work during normal builds, the reason being systemd is not installed into build environments. An obvious fix would be to add systemd to the list of installed packages in all Dockerfiles used to build debs. Fortunately, there is a simpler way, as libsystemd-dev is installed, and it's a subpackage of systemd built from the same source and carrying the same version, so it can also be checked. Signed-off-by: Kir Kolyshkin --- pkg/docker-engine/deb/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 14d91c3b..f75a8eaf 100644 
--- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules @@ -1,7 +1,7 @@ #!/usr/bin/make -f VERSION ?= $(shell cat engine/VERSION) -SYSTEMD_VERSION := $(shell dpkg-query -W -f='$${Version}\n' systemd | cut -d- -f1) +SYSTEMD_VERSION := $(shell dpkg-query -W -f='$${Version}\n' systemd libsystemd-dev | head -1 | cut -d- -f1) SYSTEMD_GT_227 := $(shell [ '$(SYSTEMD_VERSION)' ] && [ '$(SYSTEMD_VERSION)' -gt 227 ] && echo true ) override_dh_gencontrol: From 4cd84c8dd23794dd51038960aa354e238ac3b886 Mon Sep 17 00:00:00 2001 From: Daniel Hiltgen Date: Fri, 18 May 2018 10:36:34 -0700 Subject: [PATCH 017/126] CE package conversion This splits out the CLI into a discrete package and removes the engine from the engine package. Instead the engine is initialized via a post-inst script using the new CLI UX. --- pkg/docker-engine/deb/control | 29 +++- .../deb/docker-ce.docker.default | 20 --- pkg/docker-engine/deb/docker-ce.docker.init | 156 ------------------ .../deb/docker-ce.docker.upstart | 72 -------- pkg/docker-engine/deb/docker-ce.postinst | 4 + pkg/docker-engine/deb/docs | 2 +- pkg/docker-engine/deb/rules | 28 +--- 7 files changed, 36 insertions(+), 275 deletions(-) delete mode 100644 pkg/docker-engine/deb/docker-ce.docker.default delete mode 100644 pkg/docker-engine/deb/docker-ce.docker.init delete mode 100644 pkg/docker-engine/deb/docker-ce.docker.upstart diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index a12448f1..0f23b511 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -9,8 +9,8 @@ Vcs-Git: git://github.com/docker/docker.git Package: docker-ce Architecture: linux-any -Depends: iptables, ${misc:Depends}, ${perl:Depends}, ${shlibs:Depends} -Recommends: aufs-tools, +Depends: docker-ce-cli, containerd, ${shlibs:Depends} +Recommends: abufs-tools, ca-certificates, cgroupfs-mount | cgroup-lite, git, 
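Review bot: `Recommends: abufs-tools,` in the docker-ce paragraph looks like a typo for the `aufs-tools` line it replaces. A recommendation that names no existing package is skipped by the resolver without any error, so the storage helper would quietly stop being installed. The same hunk drops `iptables` from `Depends:` although the description still presents docker-ce as the engine package; if the daemon this package starts still manages firewall rules, keep `iptables` in the hard dependencies. Suggested lines: `Depends: docker-ce-cli, containerd, iptables, ${shlibs:Depends}` and `Recommends: aufs-tools,`.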
@@ -29,3 +29,28 @@ Description: Docker: the open-source application container engine language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider. + +Source: docker-ce-cli +Section: admin +Priority: optional +Maintainer: Docker +Standards-Version: 3.9.6 +Homepage: https://dockerproject.org +Vcs-Browser: https://github.com/docker/cli +Vcs-Git: git://github.com/docker/cli.git +Package: docker-ce-cli +Architecture: linux-any +Depends: ${shlibs:Depends} +Recommends: +Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs, docker-ee-cli +Replaces: +Description: Docker CLI: the open-source application container engine + Docker is an open source project to build, ship and run any application as a + lightweight container + . + Docker containers are both hardware-agnostic and platform-agnostic. This means + they can run anywhere, from your laptop to the largest EC2 compute instance and + everything in between - and they don't require you to use a particular + language, framework or packaging system. That makes them great building blocks + for deploying and scaling web apps, databases, and backend services without + depending on a particular stack or provider. diff --git a/pkg/docker-engine/deb/docker-ce.docker.default b/pkg/docker-engine/deb/docker-ce.docker.default deleted file mode 100644 index c4e93199..00000000 --- a/pkg/docker-engine/deb/docker-ce.docker.default +++ /dev/null 
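Review bot: The added `Vcs-Git: git://github.com/docker/cli.git` uses the plain git protocol, which has neither transport encryption nor server authentication, so anyone who follows the field to fetch sources gets no integrity guarantee; `Vcs-Git: https://github.com/docker/cli.git` is the safer form. The hunk also adds a second `Source:` paragraph to the same control file, and `Package: docker-ce-cli` follows `Vcs-Git:` with no blank line between them, so the binary paragraph is not separated from the source fields. A control file carries one source paragraph followed by one binary paragraph per package, so `docker-ce-cli` should be a `Package:` paragraph under the existing `Source: docker-ce`. The empty `Recommends:` and `Replaces:` fields can be dropped.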
@@ -1,20 +0,0 @@ -# Docker Upstart and SysVinit configuration file - -# -# THIS FILE DOES NOT APPLY TO SYSTEMD -# -# Please see the documentation for "systemd drop-ins": -# https://docs.docker.com/engine/admin/systemd/ -# - -# Customize location of Docker binary (especially for development testing). -#DOCKERD="/usr/local/bin/dockerd" - -# Use DOCKER_OPTS to modify the daemon startup options. -#DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4" - -# If you need Docker to use an HTTP proxy, it can also be specified here. -#export http_proxy="http://127.0.0.1:3128/" - -# This is also a handy place to tweak where Docker's temporary files go. -#export DOCKER_TMPDIR="/mnt/bigdrive/docker-tmp" diff --git a/pkg/docker-engine/deb/docker-ce.docker.init b/pkg/docker-engine/deb/docker-ce.docker.init deleted file mode 100644 index 9c8fa6be..00000000 --- a/pkg/docker-engine/deb/docker-ce.docker.init +++ /dev/null 
@@ -1,156 +0,0 @@ -#!/bin/sh -set -e - -### BEGIN INIT INFO -# Provides: docker -# Required-Start: $syslog $remote_fs -# Required-Stop: $syslog $remote_fs -# Should-Start: cgroupfs-mount cgroup-lite -# Should-Stop: cgroupfs-mount cgroup-lite -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Create lightweight, portable, self-sufficient containers. -# Description: -# Docker is an open-source project to easily create lightweight, portable, -# self-sufficient containers from any application. The same container that a -# developer builds and tests on a laptop can run at scale, in production, on -# VMs, bare metal, OpenStack clusters, public clouds and more. -### END INIT INFO - -export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin - -BASE=docker - -# modify these in /etc/default/$BASE (/etc/default/docker) -DOCKERD=/usr/bin/dockerd -# This is the pid file managed by docker itself -DOCKER_PIDFILE=/var/run/$BASE.pid -# This is the pid file created/managed by start-stop-daemon -DOCKER_SSD_PIDFILE=/var/run/$BASE-ssd.pid -DOCKER_LOGFILE=/var/log/$BASE.log -DOCKER_OPTS= -DOCKER_DESC="Docker" - -# Get lsb functions -. /lib/lsb/init-functions - -if [ -f /etc/default/$BASE ]; then - . /etc/default/$BASE -fi - -# Check docker is present -if [ ! -x $DOCKERD ]; then - log_failure_msg "$DOCKERD not present or not executable" - exit 1 -fi - -check_init() { - # see also init_is_upstart in /lib/lsb/init-functions (which isn't available in Ubuntu 12.04, or we'd use it directly) - if [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; then - log_failure_msg "$DOCKER_DESC is managed via upstart, try using service $BASE $1" - exit 1 - fi -} - -fail_unless_root() { - if [ "$(id -u)" != '0' ]; then - log_failure_msg "$DOCKER_DESC must be run as root" - exit 1 - fi -} - -cgroupfs_mount() { - # see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount - if grep -v '^#' /etc/fstab | grep -q cgroup \ - || [ ! 
-e /proc/cgroups ] \ - || [ ! -d /sys/fs/cgroup ]; then - return - fi - if ! mountpoint -q /sys/fs/cgroup; then - mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup - fi - ( - cd /sys/fs/cgroup - for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do - mkdir -p $sys - if ! mountpoint -q $sys; then - if ! mount -n -t cgroup -o $sys cgroup $sys; then - rmdir $sys || true - fi - fi - done - ) -} - -case "$1" in - start) - check_init - - fail_unless_root - - cgroupfs_mount - - touch "$DOCKER_LOGFILE" - chgrp docker "$DOCKER_LOGFILE" - - ulimit -n 1048576 - - # Having non-zero limits causes performance problems due to accounting overhead - # in the kernel. We recommend using cgroups to do container-local accounting. - if [ "$BASH" ]; then - ulimit -u unlimited - else - ulimit -p unlimited - fi - - log_begin_msg "Starting $DOCKER_DESC: $BASE" - start-stop-daemon --start --background \ - --no-close \ - --exec "$DOCKERD" \ - --pidfile "$DOCKER_SSD_PIDFILE" \ - --make-pidfile \ - -- \ - -p "$DOCKER_PIDFILE" \ - $DOCKER_OPTS \ - >> "$DOCKER_LOGFILE" 2>&1 - log_end_msg $? - ;; - - stop) - check_init - fail_unless_root - if [ -f "$DOCKER_SSD_PIDFILE" ]; then - log_begin_msg "Stopping $DOCKER_DESC: $BASE" - start-stop-daemon --stop --pidfile "$DOCKER_SSD_PIDFILE" --retry 10 - log_end_msg $? - else - log_warning_msg "Docker already stopped - file $DOCKER_SSD_PIDFILE not found." - fi - ;; - - restart) - check_init - fail_unless_root - docker_pid=`cat "$DOCKER_SSD_PIDFILE" 2>/dev/null` - [ -n "$docker_pid" ] \ - && ps -p $docker_pid > /dev/null 2>&1 \ - && $0 stop - $0 start - ;; - - force-reload) - check_init - fail_unless_root - $0 restart - ;; - - status) - check_init - status_of_proc -p "$DOCKER_SSD_PIDFILE" "$DOCKERD" "$DOCKER_DESC" - ;; - - *) - echo "Usage: service docker {start|stop|restart|status}" - exit 1 - ;; -esac 
diff --git a/pkg/docker-engine/deb/docker-ce.docker.upstart b/pkg/docker-engine/deb/docker-ce.docker.upstart deleted file mode 100644 index d58f7d6a..00000000 --- a/pkg/docker-engine/deb/docker-ce.docker.upstart +++ /dev/null 
@@ -1,72 +0,0 @@ -description "Docker daemon" - -start on (filesystem and net-device-up IFACE!=lo) -stop on runlevel [!2345] - -limit nofile 524288 1048576 - -# Having non-zero limits causes performance problems due to accounting overhead -# in the kernel. We recommend using cgroups to do container-local accounting. -limit nproc unlimited unlimited - -respawn - -kill timeout 20 - -pre-start script - # see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount - if grep -v '^#' /etc/fstab | grep -q cgroup \ - || [ ! -e /proc/cgroups ] \ - || [ ! -d /sys/fs/cgroup ]; then - exit 0 - fi - if ! mountpoint -q /sys/fs/cgroup; then - mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup - fi - ( - cd /sys/fs/cgroup - for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do - mkdir -p $sys - if ! mountpoint -q $sys; then - if ! mount -n -t cgroup -o $sys cgroup $sys; then - rmdir $sys || true - fi - fi - done - ) -end script - -script - # modify these in /etc/default/$UPSTART_JOB (/etc/default/docker) - DOCKERD=/usr/bin/dockerd - DOCKER_OPTS= - if [ -f /etc/default/$UPSTART_JOB ]; then - . /etc/default/$UPSTART_JOB - fi - exec "$DOCKERD" $DOCKER_OPTS --raw-logs -end script - -# Don't emit "started" event until docker.sock is ready. -# See https://github.com/docker/docker/issues/6647 -post-start script - DOCKER_OPTS= - DOCKER_SOCKET= - if [ -f /etc/default/$UPSTART_JOB ]; then - . /etc/default/$UPSTART_JOB - fi - - if ! printf "%s" "$DOCKER_OPTS" | grep -qE -e '-H|--host'; then - DOCKER_SOCKET=/var/run/docker.sock - else - DOCKER_SOCKET=$(printf "%s" "$DOCKER_OPTS" | grep -oP -e '(-H|--host)\W*unix://\K(\S+)' | sed 1q) - fi - - if [ -n "$DOCKER_SOCKET" ]; then - while ! [ -e "$DOCKER_SOCKET" ]; do - initctl status $UPSTART_JOB | grep -qE "(stop|respawn)/" && exit 1 - echo "Waiting for $DOCKER_SOCKET" - sleep 0.1 - done - echo "$DOCKER_SOCKET is up" - fi -end script 
diff --git a/pkg/docker-engine/deb/docker-ce.postinst b/pkg/docker-engine/deb/docker-ce.postinst index eeef6ca8..f0cb34de 100644 --- a/pkg/docker-engine/deb/docker-ce.postinst +++ b/pkg/docker-engine/deb/docker-ce.postinst @@ -7,6 +7,10 @@ case "$1" in if ! getent group docker > /dev/null; then groupadd --system docker fi + # TODO Needs upgrade vs. install logic handling here + if ctr --namespace docker container info dockerd 2&>1 > /dev/null ; then + docker engine init + fi fi ;; abort-*) diff --git a/pkg/docker-engine/deb/docs b/pkg/docker-engine/deb/docs index 073f189a..1e89a492 100644 --- a/pkg/docker-engine/deb/docs +++ b/pkg/docker-engine/deb/docs @@ -1 +1 @@ -engine/README.md +cli/README.md diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index f75a8eaf..27e05dce 100644 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules 
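Review bot: The redirection `2&>1 > /dev/null` in the added `if ctr ...` test is not `2>&1`. Under a POSIX `sh` (the usual interpreter for a maintainer script) `2` becomes an extra argument to `ctr`, `&` puts the command in the background, and the leftover `>1` creates a file named `1` in the current directory; the condition is then always true, so `docker engine init` runs on every configure and a root-owned stray file is left behind. Write it as `if ctr --namespace docker container info dockerd > /dev/null 2>&1; then`. Separately, running `docker engine init` when `container info dockerd` succeeds looks inverted next to the TODO about install versus upgrade, so confirm whether the test should be negated. The enclosing `case` arm starts and ends outside the hunk.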
@@ -10,41 +10,21 @@ override_dh_gencontrol: dh_gencontrol override_dh_auto_build: - cd engine && ./hack/make.sh dynbinary cd /go/src/github.com/docker/cli && LDFLAGS='' make VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages override_dh_auto_test: - ./engine/bundles/dynbinary-daemon/dockerd -v + #./engine/bundles/dynbinary-daemon/dockerd -v override_dh_strip: # Go has lots of problems with stripping, so just don't override_dh_auto_install: - mkdir -p debian/docker-ce/usr/bin - cp -aTL cli/build/docker debian/docker-ce/usr/bin/docker - cp -aT "$$(readlink -f engine/bundles/dynbinary-daemon/dockerd)" debian/docker-ce/usr/bin/dockerd - cp -aT /usr/local/bin/docker-proxy debian/docker-ce/usr/bin/docker-proxy - cp -aT /usr/local/bin/docker-containerd debian/docker-ce/usr/bin/docker-containerd - cp -aT /usr/local/bin/docker-containerd-shim debian/docker-ce/usr/bin/docker-containerd-shim - cp -aT /usr/local/bin/docker-containerd-ctr debian/docker-ce/usr/bin/docker-containerd-ctr - cp -aT /usr/local/bin/docker-runc debian/docker-ce/usr/bin/docker-runc - cp -aT /usr/local/bin/docker-init debian/docker-ce/usr/bin/docker-init - mkdir -p debian/docker-ce/usr/lib/docker - -override_dh_installinit: - # use "docker" as our service name, not "docker-ce" - dh_installinit --name=docker -ifeq (true, $(SYSTEMD_GT_227)) - $(warning "Setting TasksMax=infinity") - sed -i -- 's/#TasksMax=infinity/TasksMax=infinity/' debian/docker-ce/lib/systemd/system/docker.service -endif - -override_dh_installudev: - # match our existing priority - dh_installudev --priority=z80 + mkdir -p debian/docker-ce-cli/usr/bin + cp -aTL cli/build/docker debian/docker-ce-cli/usr/bin/docker override_dh_install: dh_install + # TODO Can we do this from within our container? dh_apparmor --profile-name=docker-ce -pdocker-ce override_dh_shlibdeps: From 566d7ba55acea5f10e9207057616163d6b0b9551 Mon Sep 17 00:00:00 2001 
From: Daniel Hiltgen Date: Thu, 2 Aug 2018 16:53:29 -0700 Subject: [PATCH 018/126] Address review comments on PR #128 --- pkg/docker-engine/deb/control | 4 ++-- pkg/docker-engine/deb/rules | 3 --- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index 0f23b511..46f21f56 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -3,7 +3,7 @@ Section: admin Priority: optional Maintainer: Docker Standards-Version: 3.9.6 -Homepage: https://dockerproject.org +Homepage: https://docker.com Vcs-Browser: https://github.com/docker/docker Vcs-Git: git://github.com/docker/docker.git @@ -35,7 +35,7 @@ Section: admin Priority: optional Maintainer: Docker Standards-Version: 3.9.6 -Homepage: https://dockerproject.org +Homepage: https://docker.com Vcs-Browser: https://github.com/docker/cli Vcs-Git: git://github.com/docker/cli.git Package: docker-ce-cli diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 27e05dce..3e1cd64c 100644 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules @@ -12,9 +12,6 @@ override_dh_gencontrol: override_dh_auto_build: cd /go/src/github.com/docker/cli && LDFLAGS='' make VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages -override_dh_auto_test: - #./engine/bundles/dynbinary-daemon/dockerd -v - override_dh_strip: # Go has lots of problems with stripping, so just don't From bac222a8620f4f35d6b8a8fac06f84f8371d2791 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Mon, 6 Aug 2018 18:13:03 +0000 Subject: [PATCH 019/126] Add RPM package building for docker-ce-cli Splits out the docker-ce package and docker-ce-cli package into their own things. Still TODO: need to have a cleanup on the dependencies for the Dockerfiles Signed-off-by: Eli Uriegas --- pkg/docker-engine/rpm/docker-ce.spec | 51 ++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 pkg/docker-engine/rpm/docker-ce.spec 
diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec new file mode 100644 index 00000000..a2e3d25b --- /dev/null +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -0,0 +1,51 @@ +%global debug_package %{nil} + +Name: docker-ce +Version: %{_version} +Release: %{_release}%{?dist} +Epoch: %{getenv:EPOCH} +Summary: The open-source application container engine +Group: Tools/Docker +License: ASL 2.0 +URL: https://www.docker.com +Vendor: Docker +Packager: Docker + +Requires: docker-ce-cli + +# conflicting packages +Conflicts: docker +Conflicts: docker-io +Conflicts: docker-engine-cs +Conflicts: docker-ee + +# Obsolete packages +Obsoletes: docker-ce-selinux +Obsoletes: docker-engine-selinux +Obsoletes: docker-engine + +%description +Docker is an open source project to build, ship and run any application as a +lightweight container. + +Docker containers are both hardware-agnostic and platform-agnostic. This means +they can run anywhere, from your laptop to the largest EC2 compute instance and +everything in between - and they don't require you to use a particular +language, framework or packaging system. That makes them great building blocks +for deploying and scaling web apps, databases, and backend services without +depending on a particular stack or provider. + +%install + +%files + +%post +if ! getent group docker > /dev/null; then + groupadd --system docker +fi +# TODO Needs upgrade vs. install logic handling here +if ctr --namespace docker container info dockerd > /dev/null 2>&1 ; then + docker engine init +fi + +%changelog From 7acd91eda283ec14a0a194a899e43d86e376a9f1 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Tue, 14 Aug 2018 02:57:59 +0000 Subject: [PATCH 020/126] Add containerd-proxy building Signed-off-by: Eli Uriegas --- pkg/docker-engine/rpm/docker-ce.spec | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) 
diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index a2e3d25b..2bd53ba8 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -4,6 +4,7 @@ Name: docker-ce Version: %{_version} Release: %{_release}%{?dist} Epoch: %{getenv:EPOCH} +Source0: containerd-proxy.tgz Summary: The open-source application container engine Group: Tools/Docker License: ASL 2.0 @@ -35,17 +36,24 @@ language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider. +%prep +%setup -q -c -n src + +%build +mkdir -p /go/src/github.com/crosbymichael/ +ls %{_topdir}/BUILD/src +ln -s %{_topdir}/BUILD/src/containerd-proxy /go/src/github.com/crosbymichael/containerd-proxy +go build -v -o /build/dockerd github.com/crosbymichael/containerd-proxy + %install +install -D -m 0755 /build/dockerd $RPM_BUILD_ROOT/%{_bindir}/dockerd %files +/%{_bindir}/dockerd %post if ! getent group docker > /dev/null; then groupadd --system docker fi -# TODO Needs upgrade vs. install logic handling here -if ctr --namespace docker container info dockerd > /dev/null 2>&1 ; then - docker engine init -fi %changelog From 9dbf88fd36b74c850327fae0d99045302fcc89ad Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Tue, 14 Aug 2018 03:23:24 +0000 Subject: [PATCH 021/126] Add containerd-shim-process installation Also split off containerd.mk into it's own thing since most of this stuff will be re-used with debian packaging anyways. Signed-off-by: Eli Uriegas --- pkg/docker-engine/rpm/docker-ce.spec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 2bd53ba8..b0e4ca51 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec 
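Review bot: The new `%build` section compiles the binary that is installed as `dockerd` from `/go/src/github.com/crosbymichael/` and writes it to `/build/dockerd`, both absolute paths outside the RPM build tree. Anything already present in that GOPATH on the build host can therefore influence what is packaged, and `ln -s` fails on a second run once the link exists. Keep the workspace under the build directory, for example `export GOPATH=%{_builddir}/go`, create the link with `ln -sfn`, and write the output under `%{_builddir}`. The `ls %{_topdir}/BUILD/src` line reads like leftover debugging and can be removed.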
@@ -5,6 +5,7 @@ Version: %{_version} Release: %{_release}%{?dist} Epoch: %{getenv:EPOCH} Source0: containerd-proxy.tgz +Source1: containerd-shim-process.tar Summary: The open-source application container engine Group: Tools/Docker License: ASL 2.0 @@ -13,6 +14,8 @@ Vendor: Docker Packager: Docker Requires: docker-ce-cli +# Should be required as well by docker-ce-cli but let's just be thorough +Requires: containerd.io # conflicting packages Conflicts: docker @@ -40,6 +43,7 @@ depending on a particular stack or provider. %setup -q -c -n src %build +# dockerd proxy compilation mkdir -p /go/src/github.com/crosbymichael/ ls %{_topdir}/BUILD/src ln -s %{_topdir}/BUILD/src/containerd-proxy /go/src/github.com/crosbymichael/containerd-proxy @@ -47,9 +51,12 @@ go build -v -o /build/dockerd github.com/crosbymichael/containerd-proxy %install install -D -m 0755 /build/dockerd $RPM_BUILD_ROOT/%{_bindir}/dockerd +# TODO: Use containerd-offline-installer to actually install this as ExecStartPre systemd step +install -D -m 0644 %{_topdir}/SOURCES/containerd-shim-process.tar $RPM_BUILD_ROOT/%{_sharedstatedir}/containerd/containerd-shim-process.tar %files /%{_bindir}/dockerd +/%{_sharedstatedir}/containerd/containerd-shim-process.tar %post if ! getent group docker > /dev/null; then From 8fc0f60e33c45a9b27eb57c2697831940d668ae6 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Tue, 14 Aug 2018 17:27:32 +0000 Subject: [PATCH 022/126] Remove rpmlint checks, add BuildRequires rpmlint checks can be re-added later Signed-off-by: Eli Uriegas --- pkg/docker-engine/rpm/docker-ce.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index b0e4ca51..fe51b992 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec 
@@ -3,7 +3,7 @@ Name: docker-ce Version: %{_version} Release: %{_release}%{?dist} -Epoch: %{getenv:EPOCH} +Epoch: 2 Source0: containerd-proxy.tgz Source1: containerd-shim-process.tar Summary: The open-source application container engine @@ -17,6 +17,8 @@ Requires: docker-ce-cli # Should be required as well by docker-ce-cli but let's just be thorough Requires: containerd.io +BuildRequires: gcc + # conflicting packages Conflicts: docker Conflicts: docker-io From 309642f428758f37cfc0498738d410ab9799b5f4 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Tue, 14 Aug 2018 20:30:22 +0000 Subject: [PATCH 023/126] Add systemd files, add containerd-proxy config Signed-off-by: Eli Uriegas --- .../common/systemd/docker.service | 32 ++++++++++++ pkg/docker-engine/rpm/docker-ce.spec | 50 +++++++++++++++++-- 2 files changed, 79 insertions(+), 3 deletions(-) create mode 100644 pkg/docker-engine/common/systemd/docker.service diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service new file mode 100644 index 00000000..0e0265a8 --- /dev/null +++ b/pkg/docker-engine/common/systemd/docker.service 
@@ -0,0 +1,32 @@ +[Unit] +Description=Docker Application Container Engine +Documentation=https://docs.docker.com +After=network-online.target firewalld.service containerd.service +Wants=network-online.target containerd.service + +[Service] +Type=notify +# Install containerd-shim-process if it's not already installed +ExecStartPre=/usr/libexec/containerd-offline-installer /var/lib/containerd/containerd-shim-process.tar docker.io/docker/containerd-shim-process +ExecStart=/usr/bin/dockerd +ExecReload=/bin/kill -s HUP $MAINPID +# Having non-zero Limit*s causes performance problems due to accounting overhead +# in the kernel. We recommend using cgroups to do container-local accounting. +LimitNOFILE=infinity +LimitNPROC=infinity +LimitCORE=infinity +# Uncomment TasksMax if your systemd version supports it. +# Only systemd 226 and above support this version. +#TasksMax=infinity +TimeoutStartSec=0 +# set delegate yes so that systemd does not reset the cgroups of docker containers +Delegate=yes +# kill only the docker process, not all processes in the cgroup +KillMode=process +# restart the docker process if it exits prematurely +Restart=on-failure +StartLimitBurst=3 +StartLimitInterval=60s + +[Install] +WantedBy=multi-user.target diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index fe51b992..5b851b82 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -6,6 +6,7 @@ Release: %{_release}%{?dist} Epoch: 2 Source0: containerd-proxy.tgz Source1: containerd-shim-process.tar +Source2: docker.service Summary: The open-source application container engine Group: Tools/Docker License: ASL 2.0 
@@ -14,10 +15,15 @@ Vendor: Docker Packager: Docker Requires: docker-ce-cli +Requires: systemd-units +Requires: iptables # Should be required as well by docker-ce-cli but let's just be thorough Requires: containerd.io +BuildRequires: which +BuildRequires: make BuildRequires: gcc +BuildRequires: pkgconfig(systemd) # conflicting packages Conflicts: docker 
@@ -49,20 +55,58 @@ depending on a particular stack or provider. mkdir -p /go/src/github.com/crosbymichael/ ls %{_topdir}/BUILD/src ln -s %{_topdir}/BUILD/src/containerd-proxy /go/src/github.com/crosbymichael/containerd-proxy -go build -v -o /build/dockerd github.com/crosbymichael/containerd-proxy +pushd /go/src/github.com/crosbymichael/containerd-proxy +make SCOPE_LABEL="com.docker/containerd-proxy.scope" ANY_SCOPE="ee" bin/containerd-proxy +popd %install -install -D -m 0755 /build/dockerd $RPM_BUILD_ROOT/%{_bindir}/dockerd -# TODO: Use containerd-offline-installer to actually install this as ExecStartPre systemd step +# Install containerd-proxy as dockerd +install -D -m 0755 %{_topdir}/BUILD/src/containerd-proxy/bin/containerd-proxy $RPM_BUILD_ROOT/%{_bindir}/dockerd install -D -m 0644 %{_topdir}/SOURCES/containerd-shim-process.tar $RPM_BUILD_ROOT/%{_sharedstatedir}/containerd/containerd-shim-process.tar +install -D -m 0644 %{_topdir}/SOURCES/docker.service $RPM_BUILD_ROOT/%{_unitdir}/docker.service +install -D -m 0644 %{_topdir}/SOURCES/dockerd.json $RPM_BUILD_ROOT/etc/containerd-proxy/dockerd.json %files /%{_bindir}/dockerd /%{_sharedstatedir}/containerd/containerd-shim-process.tar +/%{_unitdir}/docker.service +/etc/containerd-proxy/dockerd.json + +%pre +if [ $1 -gt 0 ] ; then + # package upgrade scenario, before new files are installed + + # clear any old state + rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || : + + # check if docker service is running + if systemctl is-active docker > /dev/null 2>&1; then + systemctl stop docker > /dev/null 2>&1 || : + touch %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || : + fi +fi %post +%systemd_post docker if ! 
getent group docker > /dev/null; then groupadd --system docker fi +%preun +%systemd_preun docker + +%postun +%systemd_postun_with_restart docker + +%posttrans +if [ $1 -ge 0 ] ; then + # package upgrade scenario, after new files are installed + + # check if docker was running before upgrade + if [ -f %{_localstatedir}/lib/rpm-state/docker-is-active ]; then + systemctl start docker > /dev/null 2>&1 || : + rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || : + fi +fi + %changelog From 9a4542df1752be49e12f99933884e37604171841 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Wed, 15 Aug 2018 01:42:10 +0000 Subject: [PATCH 024/126] Round out systemd for RPM packaging Signed-off-by: Eli Uriegas --- .../common/systemd/docker.service | 24 +++-------- pkg/docker-engine/rpm/docker-ce.spec | 42 +++++++++---------- 2 files changed, 27 insertions(+), 39 deletions(-) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index 0e0265a8..438d8bb5 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service 
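Review bot: `%install` copies `%{_topdir}/SOURCES/dockerd.json` to `/etc/containerd-proxy/dockerd.json`, but the header hunk of this patch declares only `Source2: docker.service`, so the file (presumably the configuration for the proxy installed as `dockerd`) is not tracked as a source and would be missing from a source RPM. Add `Source3: dockerd.json`, and list it as `%config(noreplace) /etc/containerd-proxy/dockerd.json` in `%files` so that an upgrade does not overwrite an administrator's edits. In `%posttrans`, `[ $1 -ge 0 ]` holds for every count rpm passes, so the guard does nothing and only the `docker-is-active` state file decides whether the service is started.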
@@ -5,28 +5,16 @@ After=network-online.target firewalld.service containerd.service Wants=network-online.target containerd.service [Service] -Type=notify # Install containerd-shim-process if it's not already installed ExecStartPre=/usr/libexec/containerd-offline-installer /var/lib/containerd/containerd-shim-process.tar docker.io/docker/containerd-shim-process ExecStart=/usr/bin/dockerd -ExecReload=/bin/kill -s HUP $MAINPID -# Having non-zero Limit*s causes performance problems due to accounting overhead -# in the kernel. We recommend using cgroups to do container-local accounting. -LimitNOFILE=infinity -LimitNPROC=infinity -LimitCORE=infinity -# Uncomment TasksMax if your systemd version supports it. -# Only systemd 226 and above support this version. -#TasksMax=infinity -TimeoutStartSec=0 -# set delegate yes so that systemd does not reset the cgroups of docker containers -Delegate=yes -# kill only the docker process, not all processes in the cgroup +TimeoutSec=infinity KillMode=process -# restart the docker process if it exits prematurely -Restart=on-failure -StartLimitBurst=3 -StartLimitInterval=60s +Restart=always +Delegate=yes +# On RPM Based distributions PATH isn't defined so we define it here +# /opt/containerd/bin is in front so dockerd grabs the correct runc binary +Environment="PATH=/opt/containerd/bin:/sbin:/usr/bin:/usr/local/bin:$PATH" [Install] WantedBy=multi-user.target diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 5b851b82..e5714f17 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec 
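Review bot: `Environment="PATH=/opt/containerd/bin:/sbin:/usr/bin:/usr/local/bin:$PATH"` does not append the inherited PATH, because systemd performs no variable expansion in `Environment=`. The daemon therefore gets a literal `$PATH` entry, which is a relative component in the search path of a root service. Drop the suffix: `Environment="PATH=/opt/containerd/bin:/sbin:/usr/bin:/usr/local/bin"`. Since `/opt/containerd/bin` is searched first so that dockerd picks up `runc` from it, the packaging should also guarantee that this directory and its contents are root-owned and not group- or world-writable.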
@@ -73,18 +73,18 @@ install -D -m 0644 %{_topdir}/SOURCES/dockerd.json $RPM_BUILD_ROOT/etc/container /etc/containerd-proxy/dockerd.json %pre -if [ $1 -gt 0 ] ; then - # package upgrade scenario, before new files are installed - - # clear any old state - rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || : - - # check if docker service is running - if systemctl is-active docker > /dev/null 2>&1; then - systemctl stop docker > /dev/null 2>&1 || : - touch %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || : - fi -fi +# if [ $1 -gt 0 ] ; then +# # package upgrade scenario, before new files are installed +# +# # clear any old state +# rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || : +# +# # check if docker service is running +# if systemctl is-active docker > /dev/null 2>&1; then +# systemctl stop docker > /dev/null 2>&1 || : +# touch %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || : +# fi +# fi %post %systemd_post docker @@ -99,14 +99,14 @@ fi %systemd_postun_with_restart docker %posttrans -if [ $1 -ge 0 ] ; then - # package upgrade scenario, after new files are installed - - # check if docker was running before upgrade - if [ -f %{_localstatedir}/lib/rpm-state/docker-is-active ]; then - systemctl start docker > /dev/null 2>&1 || : - rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || : - fi -fi +# if [ $1 -ge 0 ] ; then +# # package upgrade scenario, after new files are installed +# +# # check if docker was running before upgrade +# if [ -f %{_localstatedir}/lib/rpm-state/docker-is-active ]; then +# systemctl start docker > /dev/null 2>&1 || : +# rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || : +# fi +# fi %changelog From 883d7d0b42b198bae6585ff53e5ad4804244cb6c Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Wed, 15 Aug 2018 23:13:21 +0000 Subject: [PATCH 025/126] Revive pre / post steps, update offline location 
Signed-off-by: Eli Uriegas --- .../common/systemd/docker.service | 2 +- pkg/docker-engine/rpm/docker-ce.spec | 46 +++++++++---------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index 438d8bb5..b03133fe 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service @@ -6,7 +6,7 @@ Wants=network-online.target containerd.service [Service] # Install containerd-shim-process if it's not already installed -ExecStartPre=/usr/libexec/containerd-offline-installer /var/lib/containerd/containerd-shim-process.tar docker.io/docker/containerd-shim-process +ExecStartPre=/usr/libexec/containerd-offline-installer /var/lib/containerd-offline-installer/containerd-shim-process.tar docker.io/docker/containerd-shim-process ExecStart=/usr/bin/dockerd TimeoutSec=infinity KillMode=process diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index e5714f17..77cda6a7 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec 
@@ -62,29 +62,29 @@ popd %install # Install containerd-proxy as dockerd install -D -m 0755 %{_topdir}/BUILD/src/containerd-proxy/bin/containerd-proxy $RPM_BUILD_ROOT/%{_bindir}/dockerd -install -D -m 0644 %{_topdir}/SOURCES/containerd-shim-process.tar $RPM_BUILD_ROOT/%{_sharedstatedir}/containerd/containerd-shim-process.tar +install -D -m 0644 %{_topdir}/SOURCES/containerd-shim-process.tar $RPM_BUILD_ROOT/%{_sharedstatedir}/containerd-offline-installer/containerd-shim-process.tar install -D -m 0644 %{_topdir}/SOURCES/docker.service $RPM_BUILD_ROOT/%{_unitdir}/docker.service install -D -m 0644 %{_topdir}/SOURCES/dockerd.json $RPM_BUILD_ROOT/etc/containerd-proxy/dockerd.json %files /%{_bindir}/dockerd -/%{_sharedstatedir}/containerd/containerd-shim-process.tar +/%{_sharedstatedir}/containerd-offline-installer/containerd-shim-process.tar /%{_unitdir}/docker.service /etc/containerd-proxy/dockerd.json %pre -# if [ $1 -gt 0 ] ; then -# # package upgrade scenario, before new files are installed -# -# # clear any old state -# rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || : -# -# # check if docker service is running -# if systemctl is-active docker > /dev/null 2>&1; then -# systemctl stop docker > /dev/null 2>&1 || : -# touch %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || : -# fi -# fi +if [ $1 -gt 0 ] ; then + # package upgrade scenario, before new files are installed + + # clear any old state + rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || : + + # check if docker service is running + if systemctl is-active docker > /dev/null 2>&1; then + systemctl stop docker > /dev/null 2>&1 || : + touch %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || : + fi +fi %post %systemd_post docker 
@@ -99,14 +99,14 @@ fi %systemd_postun_with_restart docker %posttrans -# if [ $1 -ge 0 ] ; then -# # package upgrade scenario, after new files are installed -# -# # check if docker was running before upgrade -# if [ -f %{_localstatedir}/lib/rpm-state/docker-is-active ]; then -# systemctl start docker > /dev/null 2>&1 || : -# rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || : -# fi -# fi +if [ $1 -ge 0 ] ; then + # package upgrade scenario, after new files are installed + + # check if docker was running before upgrade + if [ -f %{_localstatedir}/lib/rpm-state/docker-is-active ]; then + systemctl start docker > /dev/null 2>&1 || : + rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || : + fi +fi %changelog From e90bb564a19b263b37d5a57d7629d2656a7c7b38 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Thu, 16 Aug 2018 04:03:40 +0000 Subject: [PATCH 026/126] Some changes to get this working on CentOS 7 Old versions of things on CentOS 7 strike again! infinity is not a thing for TimeoutSec on systemd < 229 Signed-off-by: Eli Uriegas --- pkg/docker-engine/common/systemd/docker.service | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index b03133fe..13b2a047 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service 
@@ -8,10 +8,8 @@ Wants=network-online.target containerd.service # Install containerd-shim-process if it's not already installed ExecStartPre=/usr/libexec/containerd-offline-installer /var/lib/containerd-offline-installer/containerd-shim-process.tar docker.io/docker/containerd-shim-process ExecStart=/usr/bin/dockerd -TimeoutSec=infinity -KillMode=process +TimeoutSec=0 Restart=always -Delegate=yes # On RPM Based distributions PATH isn't defined so we define it here # /opt/containerd/bin is in front so dockerd grabs the correct runc binary Environment="PATH=/opt/containerd/bin:/sbin:/usr/bin:/usr/local/bin:$PATH" From 6bf46f0de296e292db636835c50178c848246f77 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Thu, 16 Aug 2018 22:38:32 +0000 Subject: [PATCH 027/126] Intial deb package split for 18.09.x Get's rid of architecture specific dockerfiles (yay manifest lists), also follows very closely to what the RPM makefile does with the sources. Signed-off-by: Eli Uriegas --- pkg/docker-engine/deb/control | 19 ++++++++----------- pkg/docker-engine/deb/docker-ce.postinst | 4 ---- pkg/docker-engine/deb/rules | 19 ++++++++++++++----- 3 files changed, 22 insertions(+), 20 deletions(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index 46f21f56..57d83f05 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -2,6 +2,12 @@ Source: docker-ce Section: admin Priority: optional Maintainer: Docker +Build-Depends: bash-completion, + dh-apparmor, + dh-systemd, + libltdl-dev, + make, + gcc Standards-Version: 3.9.6 Homepage: https://docker.com Vcs-Browser: https://github.com/docker/docker @@ -9,7 +15,7 @@ Vcs-Git: git://github.com/docker/docker.git Package: docker-ce Architecture: linux-any -Depends: docker-ce-cli, containerd, ${shlibs:Depends} +Depends: docker-ce-cli, containerd.io, iptables, ${shlibs:Depends} Recommends: abufs-tools, ca-certificates, cgroupfs-mount | cgroup-lite, 
@@ -17,7 +23,7 @@ Recommends: abufs-tools, pigz, xz-utils, ${apparmor:Recommends} -Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs, docker-ee +Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs Replaces: docker-engine Description: Docker: the open-source application container engine Docker is an open source project to build, ship and run any application as a @@ -30,18 +36,9 @@ Description: Docker: the open-source application container engine for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider. -Source: docker-ce-cli -Section: admin -Priority: optional -Maintainer: Docker -Standards-Version: 3.9.6 -Homepage: https://docker.com -Vcs-Browser: https://github.com/docker/cli -Vcs-Git: git://github.com/docker/cli.git Package: docker-ce-cli Architecture: linux-any Depends: ${shlibs:Depends} -Recommends: Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs, docker-ee-cli Replaces: Description: Docker CLI: the open-source application container engine diff --git a/pkg/docker-engine/deb/docker-ce.postinst b/pkg/docker-engine/deb/docker-ce.postinst index f0cb34de..eeef6ca8 100644 --- a/pkg/docker-engine/deb/docker-ce.postinst +++ b/pkg/docker-engine/deb/docker-ce.postinst @@ -7,10 +7,6 @@ case "$1" in if ! getent group docker > /dev/null; then groupadd --system docker fi - # TODO Needs upgrade vs. install logic handling here - if ctr --namespace docker container info dockerd 2&>1 > /dev/null ; then - docker engine init - fi fi ;; abort-*) diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 3e1cd64c..35c6fc0d 100644 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules 
@@ -1,8 +1,6 @@ #!/usr/bin/make -f VERSION ?= $(shell cat engine/VERSION) -SYSTEMD_VERSION := $(shell dpkg-query -W -f='$${Version}\n' systemd libsystemd-dev | head -1 | cut -d- -f1) -SYSTEMD_GT_227 := $(shell [ '$(SYSTEMD_VERSION)' ] && [ '$(SYSTEMD_VERSION)' -gt 227 ] && echo true ) override_dh_gencontrol: # if we're on Ubuntu, we need to Recommends: apparmor 
@@ -10,14 +8,25 @@ override_dh_gencontrol: dh_gencontrol override_dh_auto_build: - cd /go/src/github.com/docker/cli && LDFLAGS='' make VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages + cd /go/src/github.com/docker/cli && \ + LDFLAGS='' DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages + cd /go/src/github.com/crosbymichael/containerd-proxy && \ + make SCOPE_LABEL="com.docker/containerd-proxy.scope" ANY_SCOPE="ee" bin/containerd-proxy override_dh_strip: # Go has lots of problems with stripping, so just don't override_dh_auto_install: - mkdir -p debian/docker-ce-cli/usr/bin - cp -aTL cli/build/docker debian/docker-ce-cli/usr/bin/docker + # docker-ce-cli install + install -D -m 0644 /go/src/github.com/docker/cli/contrib/completion/fish/docker.fish debian/docker-ce-cli/usr/share/fish/vendor_completions.d/docker.fish + install -D -m 0644 /go/src/github.com/docker/cli/contrib/completion/zsh/_docker debian/docker-ce-cli/usr/share/zsh/vendor-completions/_docker + install -D -m 0755 /go/src/github.com/docker/cli/build/docker debian/docker-ce-cli/usr/bin/docker + # docker-ce install + install -D -m 0755 /go/src/github.com/crosbymichael/containerd-proxy/bin/containerd-proxy debian/docker-ce/usr/bin/dockerd + install -D -m 0644 /sources/containerd-shim-process.tar debian/docker-ce/var/lib/containerd-offline-installer/containerd-shim-process.tar + install -D -m 0644 /sources/docker.service debian/docker-ce/lib/systemd/system/docker.service + install -D -m 0644 /sources/dockerd.json debian/docker-ce/etc/containerd-proxy/dockerd.json + override_dh_install: dh_install From 61019f75dee29e5571ef96168b2231103e1fc764 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Thu, 16 Aug 2018 22:50:16 +0000 Subject: [PATCH 028/126] Do not conflict with docker-ee-cli docker-ee-cli will obsolete docker-ce-cli Signed-off-by: Eli Uriegas --- pkg/docker-engine/deb/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index 57d83f05..6b3e3532 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -39,7 +39,7 @@ Description: Docker: the open-source application container engine Package: docker-ce-cli Architecture: linux-any Depends: ${shlibs:Depends} -Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs, docker-ee-cli +Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs Replaces: Description: Docker CLI: the open-source application container engine Docker is an open source project to build, ship and run any application as a From 94147ba389d0e0c148d637f82789e5d575314e51 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Mon, 20 Aug 2018 19:57:53 +0000 Subject: [PATCH 029/126] Do offline bundles for engine installs Signed-off-by: Eli Uriegas --- pkg/docker-engine/deb/rules | 1 + pkg/docker-engine/rpm/docker-ce.spec | 3 +++ 2 files changed, 4 insertions(+) diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 35c6fc0d..73a2ffb1 100644 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules @@ -24,6 +24,7 @@ override_dh_auto_install: # docker-ce install install -D -m 0755 /go/src/github.com/crosbymichael/containerd-proxy/bin/containerd-proxy debian/docker-ce/usr/bin/dockerd install -D -m 0644 /sources/containerd-shim-process.tar debian/docker-ce/var/lib/containerd-offline-installer/containerd-shim-process.tar + install -D -m 0644 /sources/engine.tar debian/docker-ce/var/lib/docker-engine/engine.tar install -D -m 0644 /sources/docker.service debian/docker-ce/lib/systemd/system/docker.service install -D -m 0644 /sources/dockerd.json debian/docker-ce/etc/containerd-proxy/dockerd.json diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 77cda6a7..96693cca 100644 
--- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -7,6 +7,7 @@ Epoch: 2 Source0: containerd-proxy.tgz Source1: containerd-shim-process.tar Source2: docker.service +Source3: engine.tar Summary: The open-source application container engine Group: Tools/Docker License: ASL 2.0 @@ -63,12 +64,14 @@ popd # Install containerd-proxy as dockerd install -D -m 0755 %{_topdir}/BUILD/src/containerd-proxy/bin/containerd-proxy $RPM_BUILD_ROOT/%{_bindir}/dockerd install -D -m 0644 %{_topdir}/SOURCES/containerd-shim-process.tar $RPM_BUILD_ROOT/%{_sharedstatedir}/containerd-offline-installer/containerd-shim-process.tar +install -D -m 0644 %{_topdir}/SOURCES/engine.tar $RPM_BUILD_ROOT/%{_sharedstatedir}/docker-engine/engine.tar install -D -m 0644 %{_topdir}/SOURCES/docker.service $RPM_BUILD_ROOT/%{_unitdir}/docker.service install -D -m 0644 %{_topdir}/SOURCES/dockerd.json $RPM_BUILD_ROOT/etc/containerd-proxy/dockerd.json %files /%{_bindir}/dockerd /%{_sharedstatedir}/containerd-offline-installer/containerd-shim-process.tar +/%{_sharedstatedir}/docker-engine/engine.tar /%{_unitdir}/docker.service /etc/containerd-proxy/dockerd.json From 70b7cd6d83bb7580f0964aea1ce46b8500529dd5 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Mon, 20 Aug 2018 21:13:52 +0000 Subject: [PATCH 030/126] Set containerd to be a systemd bind for docker The daemon won't actually start without containerd Signed-off-by: Eli Uriegas --- pkg/docker-engine/common/systemd/docker.service | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index 13b2a047..4322dce3 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service 
@@ -1,8 +1,9 @@ [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com -After=network-online.target firewalld.service containerd.service -Wants=network-online.target containerd.service +BindsTo=containerd.service +After=network-online.target firewalld.service +Wants=network-online.target [Service] # Install containerd-shim-process if it's not already installed From 1f43044e6cf3cfc0a3196d88779c8d1bbcda0c6f Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Tue, 28 Aug 2018 13:51:21 -0400 Subject: [PATCH 031/126] Add post-stop Signed-off-by: Michael Crosby --- pkg/docker-engine/common/systemd/docker.service | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index 4322dce3..d132a9c3 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service @@ -9,6 +9,7 @@ Wants=network-online.target # Install containerd-shim-process if it's not already installed ExecStartPre=/usr/libexec/containerd-offline-installer /var/lib/containerd-offline-installer/containerd-shim-process.tar docker.io/docker/containerd-shim-process ExecStart=/usr/bin/dockerd +ExecStopPost=/usr/bin/dockerd post-stop TimeoutSec=0 Restart=always # On RPM Based distributions PATH isn't defined so we define it here From b6764f848276e963cb6d8c98e0a529c677c0f379 Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Fri, 24 Aug 2018 22:40:02 +0000 Subject: [PATCH 032/126] added RestartSec Signed-off-by: Andrew Hsu (cherry picked from commit 10d5361e21c3504c81edf16aadf7f142cc97ddda) Signed-off-by: Andrew Hsu --- pkg/docker-engine/common/systemd/docker.service | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index 4322dce3..7d7c2624 100644 --- a/pkg/docker-engine/common/systemd/docker.service 
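Review bot: Moving `containerd.service` into `BindsTo=` while deleting it from `After=` drops the start ordering. `BindsTo=` is a requirement dependency only, so systemd may start docker.service in parallel with containerd, and the commit message itself says the daemon will not start without it. Keep the ordering next to the binding: `After=network-online.target firewalld.service containerd.service`.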
+++ b/pkg/docker-engine/common/systemd/docker.service @@ -10,6 +10,7 @@ Wants=network-online.target ExecStartPre=/usr/libexec/containerd-offline-installer /var/lib/containerd-offline-installer/containerd-shim-process.tar docker.io/docker/containerd-shim-process ExecStart=/usr/bin/dockerd TimeoutSec=0 +RestartSec=2 Restart=always # On RPM Based distributions PATH isn't defined so we define it here # /opt/containerd/bin is in front so dockerd grabs the correct runc binary From 0472d68dc4c29bb1ff4ef8de4f4969d53e0ae1e4 Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Wed, 29 Aug 2018 04:23:49 +0000 Subject: [PATCH 033/126] add requires container-selinux to spec Signed-off-by: Andrew Hsu (cherry picked from commit 1357c7b1348092bec9e9f57276ae65a2a57c0e83) Signed-off-by: Andrew Hsu --- pkg/docker-engine/rpm/docker-ce.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 96693cca..ea27c5aa 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -16,6 +16,7 @@ Vendor: Docker Packager: Docker Requires: docker-ce-cli +Requires: container-selinux >= 2.9 Requires: systemd-units Requires: iptables # Should be required as well by docker-ce-cli but let's just be thorough From da40458f22eb6ab8b3386f8d742861abcf5c6da1 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 31 Aug 2018 12:43:32 +0200 Subject: [PATCH 034/126] systemd: no limit on core size set LimitCORE=infinity to ensure complete core creation, allows extraction of as much information as possible. Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/common/systemd/docker.service | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index 23557a00..ff042cb7 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service 
@@ -17,5 +17,7 @@ Restart=always # /opt/containerd/bin is in front so dockerd grabs the correct runc binary Environment="PATH=/opt/containerd/bin:/sbin:/usr/bin:/usr/local/bin:$PATH" +LimitCORE=infinity + [Install] WantedBy=multi-user.target From 4f68287073ff83bfd56d7720f9a80817711de7c2 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 31 Aug 2018 12:45:07 +0200 Subject: [PATCH 035/126] systemd: set Limit* to infinity There is a not-insignificant performance overhead for all containers (if containerd is a child of Docker, which is the current setup) if systemd sets rlimits on the main Docker daemon process (because the limits propogate to all children). Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/common/systemd/docker.service | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index ff042cb7..0c414c27 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service @@ -17,6 +17,10 @@ Restart=always # /opt/containerd/bin is in front so dockerd grabs the correct runc binary Environment="PATH=/opt/containerd/bin:/sbin:/usr/bin:/usr/local/bin:$PATH" +# Having non-zero Limit*s causes performance problems due to accounting overhead +# in the kernel. We recommend using cgroups to do container-local accounting. +LimitNOFILE=infinity +LimitNPROC=infinity LimitCORE=infinity [Install] From 51458fd45096657037b98c86c5ecf3e8729212bc Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 31 Aug 2018 12:50:05 +0200 Subject: [PATCH 036/126] systemd: don't limit tasks Systemd sets a default of 512 tasks, which is far too low to run many containers. Note that TasksMax is only supported on systemd 226 and above. Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/common/systemd/docker.service | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index 0c414c27..56834093 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service @@ -23,5 +23,9 @@ LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity +# Comment TasksMax if your systemd version does not supports it. +# Only systemd 226 and above support this option. +TasksMax=infinity + [Install] WantedBy=multi-user.target From bdd344a3b27e535401efd677ccc898eddcd4042a Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 31 Aug 2018 12:53:49 +0200 Subject: [PATCH 037/126] systemd: add "Delegate=yes" to docker's service file We need to add delegate yes to docker's service file so that it can manage the cgroups of the processes that it launches without systemd interfering with them and moving the processes after it is reloaded. Delegate= Turns on delegation of further resource control partitioning to processes of the unit. For unprivileged services (i.e. those using the User= setting), this allows processes to create a subhierarchy beneath its control group path. For privileged services and scopes, this ensures the processes will have all control group controllers enabled. This is the proper fix for issue moby/moby#20152 Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/common/systemd/docker.service | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index 56834093..ad945338 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service 
@@ -8,6 +8,10 @@ Wants=network-online.target [Service] # Install containerd-shim-process if it's not already installed ExecStartPre=/usr/libexec/containerd-offline-installer /var/lib/containerd-offline-installer/containerd-shim-process.tar docker.io/docker/containerd-shim-process + +# the default is not to use systemd for cgroups because the delegate issues still +# exists and systemd currently does not support the cgroup feature set required +# for containers run by docker ExecStart=/usr/bin/dockerd ExecStopPost=/usr/bin/dockerd post-stop TimeoutSec=0 @@ -27,5 +31,8 @@ LimitCORE=infinity # Only systemd 226 and above support this option. TasksMax=infinity +# set delegate yes so that systemd does not reset the cgroups of docker containers +Delegate=yes + [Install] WantedBy=multi-user.target From 5bcd0eb13f55fa6628a6de314c07cd51ce6dedde Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 31 Aug 2018 12:55:39 +0200 Subject: [PATCH 038/126] systemd: set systemd KillMode Change the kill mode to process so that systemd does not kill container processes when the daemon is shutdown but only the docker daemon Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/common/systemd/docker.service | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index ad945338..6bfb873f 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service @@ -34,5 +34,8 @@ TasksMax=infinity # set delegate yes so that systemd does not reset the cgroups of docker containers Delegate=yes +# kill only the docker process, not all processes in the cgroup +KillMode=process + [Install] WantedBy=multi-user.target From 2d2c305f6c12b099e670ec59e8f5d9164b876d71 Mon Sep 17 00:00:00 2001 
From: Sebastiaan van Stijn Date: Fri, 31 Aug 2018 12:57:03 +0200 Subject: [PATCH 039/126] systemd: add support for reloading daemon configuration through systemd This adds support for reloading the docker daemon (SIGHIUP) so that changes in '/etc/docker/daemon.json' can be loaded at runtime by reloading the service through systemd ('systemctl reload docker') Before this change, systemd would output an error that "reloading" is not supported for the docker service; systemctl reload docker Failed to reload docker.service: Job type reload is not applicable for unit docker.service. After this change, the docker daemon can be reloaded through 'systemctl reload docker', which reloads the configuration; journalctl -f -u docker.service May 02 03:49:20 testing systemd[1]: Reloading Docker Application Container Engine. May 02 03:49:20 testing docker[28496]: time="2016-05-02T03:49:20.143964103-04:00" level=info msg="Got signal to reload configuration, reloading from: /etc/docker/daemon.json" May 02 03:49:20 testing systemd[1]: Reloaded Docker Application Container Engine. Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/common/systemd/docker.service | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index 6bfb873f..d6527e8a 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service @@ -13,6 +13,7 @@ ExecStartPre=/usr/libexec/containerd-offline-installer /var/lib/containerd-offli # exists and systemd currently does not support the cgroup feature set required # for containers run by docker ExecStart=/usr/bin/dockerd +ExecReload=/bin/kill -s HUP $MAINPID ExecStopPost=/usr/bin/dockerd post-stop TimeoutSec=0 RestartSec=2 From 4afaf57b529f0fa491160eaaeb2aa9966168470b Mon Sep 17 00:00:00 2001 
From: Sebastiaan van Stijn Date: Fri, 31 Aug 2018 12:58:50 +0200 Subject: [PATCH 040/126] systemd: set start burst limits Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229 (https://github.com/systemd/systemd/commit/6bf0f408e4833152197fb38fb10a9989c89f3a59) both the old, and new location are accepted by systemd 229 and up, so using the old location to make them work for either version of systemd. StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230 (https://github.com/systemd/systemd/commit/f0367da7d1a61ad698a55d17b5c28ddce0dc265a) both the old, and new name are accepted by systemd 230 and up, so using the old name to make this option work for either version of systemd. Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/common/systemd/docker.service | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index d6527e8a..b99640fc 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service @@ -18,6 +18,17 @@ ExecStopPost=/usr/bin/dockerd post-stop TimeoutSec=0 RestartSec=2 Restart=always + +# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229. +# Both the old, and new location are accepted by systemd 229 and up, so using the old location +# to make them work for either version of systemd. +StartLimitBurst=3 + +# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230. +# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make +# this option work for either version of systemd. +StartLimitInterval=60s + # On RPM Based distributions PATH isn't defined so we define it here # /opt/containerd/bin is in front so dockerd grabs the correct runc binary Environment="PATH=/opt/containerd/bin:/sbin:/usr/bin:/usr/local/bin:$PATH" 
From 79b661cc0b057606417e8063662a1fc7a977083d Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Thu, 6 Sep 2018 15:40:03 +0000 Subject: [PATCH 041/126] Fix docker-ce-cli replacing files Signed-off-by: Eli Uriegas --- pkg/docker-engine/deb/control | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index 6b3e3532..c5655870 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -40,7 +40,8 @@ Package: docker-ce-cli Architecture: linux-any Depends: ${shlibs:Depends} Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs -Replaces: +Replaces: docker-ce (<< 18.06~) +Breaks: docker-ce (<< 18.06~) Description: Docker CLI: the open-source application container engine Docker is an open source project to build, ship and run any application as a lightweight container From 04158dbf345fca2b748f34b08c72bb022cc212df Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Fri, 7 Sep 2018 14:57:44 +0000 Subject: [PATCH 042/126] Remove offline installer to install shim-process Removes the need for the offline installer to install the shim process and instead installs the shim process as part of the packaging. May be easier in the future to just package the shim process on it's own but that'll come after this 18.09 release Signed-off-by: Eli Uriegas --- pkg/docker-engine/common/systemd/docker.service | 3 --- pkg/docker-engine/deb/control | 2 +- pkg/docker-engine/deb/rules | 2 +- pkg/docker-engine/rpm/docker-ce.spec | 9 ++++----- 4 files changed, 6 insertions(+), 10 deletions(-) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index b99640fc..96802659 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service 
@@ -6,9 +6,6 @@ After=network-online.target firewalld.service Wants=network-online.target [Service] -# Install containerd-shim-process if it's not already installed -ExecStartPre=/usr/libexec/containerd-offline-installer /var/lib/containerd-offline-installer/containerd-shim-process.tar docker.io/docker/containerd-shim-process - # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index c5655870..bb4816fc 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -22,6 +22,7 @@ Recommends: abufs-tools, git, pigz, xz-utils, + libltdl7, ${apparmor:Recommends} Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs Replaces: docker-engine @@ -40,7 +41,6 @@ Package: docker-ce-cli Architecture: linux-any Depends: ${shlibs:Depends} Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs -Replaces: docker-ce (<< 18.06~) Breaks: docker-ce (<< 18.06~) Description: Docker CLI: the open-source application container engine Docker is an open source project to build, ship and run any application as a diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 73a2ffb1..3d16bd5c 100644 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules 
@@ -23,7 +23,7 @@ override_dh_auto_install: install -D -m 0755 /go/src/github.com/docker/cli/build/docker debian/docker-ce-cli/usr/bin/docker # docker-ce install install -D -m 0755 /go/src/github.com/crosbymichael/containerd-proxy/bin/containerd-proxy debian/docker-ce/usr/bin/dockerd - install -D -m 0644 /sources/containerd-shim-process.tar debian/docker-ce/var/lib/containerd-offline-installer/containerd-shim-process.tar + install -D -m 0644 /containerd-shim-process-v1 debian/docker-ce/usr/sbin/containerd-shim-process-v1 install -D -m 0644 /sources/engine.tar debian/docker-ce/var/lib/docker-engine/engine.tar install -D -m 0644 /sources/docker.service debian/docker-ce/lib/systemd/system/docker.service install -D -m 0644 /sources/dockerd.json debian/docker-ce/etc/containerd-proxy/dockerd.json diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index ea27c5aa..92d7552b 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -5,9 +5,8 @@ Version: %{_version} Release: %{_release}%{?dist} Epoch: 2 Source0: containerd-proxy.tgz -Source1: containerd-shim-process.tar -Source2: docker.service -Source3: engine.tar +Source1: docker.service +Source2: engine.tar Summary: The open-source application container engine Group: Tools/Docker License: ASL 2.0 
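Review bot: The new `install` line in `override_dh_auto_install` places `containerd-shim-process-v1` in `usr/sbin` with mode 0644, so the deb ships it without an execute bit, while the matching line added to `rpm/docker-ce.spec` in this same patch uses 0755. If the file is the shim executable, as its destination suggests, the line should read `install -D -m 0755 /containerd-shim-process-v1 debian/docker-ce/usr/sbin/containerd-shim-process-v1`. Both packages take the binary from an absolute path at the root of the build environment, and nothing visible here records how it got there. A comment naming the build step that produces it would make the provenance auditable.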
@@ -64,14 +63,14 @@ popd %install # Install containerd-proxy as dockerd install -D -m 0755 %{_topdir}/BUILD/src/containerd-proxy/bin/containerd-proxy $RPM_BUILD_ROOT/%{_bindir}/dockerd -install -D -m 0644 %{_topdir}/SOURCES/containerd-shim-process.tar $RPM_BUILD_ROOT/%{_sharedstatedir}/containerd-offline-installer/containerd-shim-process.tar install -D -m 0644 %{_topdir}/SOURCES/engine.tar $RPM_BUILD_ROOT/%{_sharedstatedir}/docker-engine/engine.tar install -D -m 0644 %{_topdir}/SOURCES/docker.service $RPM_BUILD_ROOT/%{_unitdir}/docker.service install -D -m 0644 %{_topdir}/SOURCES/dockerd.json $RPM_BUILD_ROOT/etc/containerd-proxy/dockerd.json +install -D -m 0755 /containerd-shim-process-v1 $RPM_BUILD_ROOT/%{_sbindir}/containerd-shim-process-v1 %files /%{_bindir}/dockerd -/%{_sharedstatedir}/containerd-offline-installer/containerd-shim-process.tar +/%{_sbindir}/containerd-shim-process-v1 /%{_sharedstatedir}/docker-engine/engine.tar /%{_unitdir}/docker.service /etc/containerd-proxy/dockerd.json From e2c36f7593d2b931961b28a4b78cb7cd7f224b88 Mon Sep 17 00:00:00 2001 From: Daniel Hiltgen Date: Mon, 10 Sep 2018 08:21:58 -0700 Subject: [PATCH 043/126] Bump packaging epoch This should accomodate the new versioning fix Signed-off-by: Daniel Hiltgen (cherry picked from commit d641be8f1a9c07e2af3ae3c8448284255efd2c18) Signed-off-by: Daniel Hiltgen --- pkg/docker-engine/rpm/docker-ce.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index ea27c5aa..5b9d049f 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -3,7 +3,7 @@ Name: docker-ce Version: %{_version} Release: %{_release}%{?dist} -Epoch: 2 +Epoch: 3 Source0: containerd-proxy.tgz Source1: containerd-shim-process.tar Source2: docker.service From 02bd7fb4f9cc2d71807ec6f7f5fb728577ad46e9 Mon Sep 17 00:00:00 2001 
From: Petr Mikusek Date: Thu, 13 Sep 2018 11:27:57 +0200 Subject: [PATCH 044/126] s/abufs-tools/aufs-tools/ Fix typo introduced in 4cd84c8dd23794dd51038960aa354e238ac3b886. --- pkg/docker-engine/deb/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index bb4816fc..a9a544c2 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -16,7 +16,7 @@ Vcs-Git: git://github.com/docker/docker.git Package: docker-ce Architecture: linux-any Depends: docker-ce-cli, containerd.io, iptables, ${shlibs:Depends} -Recommends: abufs-tools, +Recommends: aufs-tools, ca-certificates, cgroupfs-mount | cgroup-lite, git, From 032bae3915a7eb1c9df2b35f925af98e20a10bce Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Mon, 17 Sep 2018 10:16:37 -0700 Subject: [PATCH 045/126] Add `/usr/sbin` to our path variable for systemd iptables is sometimes placed in `/usr/sbin` Signed-off-by: Eli Uriegas --- pkg/docker-engine/common/systemd/docker.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index 96802659..be161706 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service @@ -28,7 +28,7 @@ StartLimitInterval=60s # On RPM Based distributions PATH isn't defined so we define it here # /opt/containerd/bin is in front so dockerd grabs the correct runc binary -Environment="PATH=/opt/containerd/bin:/sbin:/usr/bin:/usr/local/bin:$PATH" +Environment="PATH=/opt/containerd/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:$PATH" # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. From 51fc5cb866b33b34ba4c1aa5c34cd47ae6f4c4b8 Mon Sep 17 00:00:00 2001 
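Review bot: The rewritten `Environment=` line in `docker.service` still ends in `:$PATH`, and systemd does not expand variables in `Environment=` assignments, so the daemon's search path gains a literal entry named `$PATH`. That entry is a relative path, so command lookups by the daemon can fall through to a directory resolved against its working directory. Listing the directories explicitly and dropping the suffix avoids this, e.g. `Environment="PATH=/opt/containerd/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin"`. The list also has no `/bin`, which is worth checking while the line is being touched.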
From: Sebastiaan van Stijn Date: Thu, 20 Sep 2018 11:42:29 +0200 Subject: [PATCH 046/126] change home page link for deb pkgs Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index a9a544c2..c94c346e 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -9,7 +9,7 @@ Build-Depends: bash-completion, make, gcc Standards-Version: 3.9.6 -Homepage: https://docker.com +Homepage: https://www.docker.com Vcs-Browser: https://github.com/docker/docker Vcs-Git: git://github.com/docker/docker.git From e0b4dd3c2e47bd83b71d4ef574175f55ac6c35ce Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 20 Sep 2018 11:45:13 +0200 Subject: [PATCH 047/126] change some wording in package description Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/control | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index c94c346e..3af56e5f 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control 
@@ -27,11 +27,11 @@ Recommends: aufs-tools, Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs Replaces: docker-engine Description: Docker: the open-source application container engine - Docker is an open source project to build, ship and run any application as a + Docker is a product for you to build, ship and run any application as a lightweight container . Docker containers are both hardware-agnostic and platform-agnostic. This means - they can run anywhere, from your laptop to the largest EC2 compute instance and + they can run anywhere, from your laptop to the largest cloud compute instance and everything in between - and they don't require you to use a particular language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without @@ -43,11 +43,11 @@ Depends: ${shlibs:Depends} Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs Breaks: docker-ce (<< 18.06~) Description: Docker CLI: the open-source application container engine - Docker is an open source project to build, ship and run any application as a + Docker is a product for you to build, ship and run any application as a lightweight container . Docker containers are both hardware-agnostic and platform-agnostic. This means - they can run anywhere, from your laptop to the largest EC2 compute instance and + they can run anywhere, from your laptop to the largest cloud compute instance and everything in between - and they don't require you to use a particular language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without From f0a663b9f4d3d59fdf718cd975daf5c31d853d8a Mon Sep 17 00:00:00 2001 
From: Kir Kolyshkin Date: Thu, 20 Sep 2018 10:19:35 -0700 Subject: [PATCH 048/126] systemd/docker.service: fix PATH Set the PATH to what appears to be the standard on latest Ubuntu (18.04) and Debian (9), fixing the following two issues: 1. PATH did not contain /bin (leading to ContainerTop/ps not working on newer distros, among the other things). 2. $PATH can't be specified in Environment directives in .service files. While at it, also: 3. Remove the comment about RPM as it looks misleading on deb-based systems. Signed-off-by: Kir Kolyshkin --- pkg/docker-engine/common/systemd/docker.service | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index be161706..d8b2efeb 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service @@ -26,9 +26,8 @@ StartLimitBurst=3 # this option work for either version of systemd. StartLimitInterval=60s -# On RPM Based distributions PATH isn't defined so we define it here # /opt/containerd/bin is in front so dockerd grabs the correct runc binary -Environment="PATH=/opt/containerd/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:$PATH" +Environment="PATH=/opt/containerd/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. From 68ae4eee7bbee185ee96e0ba3b1d0ef08562143e Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 20 Sep 2018 12:40:10 +0200 Subject: [PATCH 049/126] more updates to package descriptions Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 96ff8c33244c5caa6a69c7efcb43cb0926b2a925) Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/rpm/docker-ce.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 74d06ec6..3be4cb45 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -38,11 +38,11 @@ Obsoletes: docker-engine-selinux Obsoletes: docker-engine %description -Docker is an open source project to build, ship and run any application as a +Docker is is a product for you to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means -they can run anywhere, from your laptop to the largest EC2 compute instance and +they can run anywhere, from your laptop to the largest cloud compute instance and everything in between - and they don't require you to use a particular language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without From 61ca4e3f4fb71a24cd17ec32afa1ce2656a88d7b Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Wed, 19 Sep 2018 14:26:03 -0700 Subject: [PATCH 050/126] Use image artifacts as daemon and dependencies Signed-off-by: Eli Uriegas --- .../common/systemd/docker.service | 3 +- pkg/docker-engine/deb/control | 1 + pkg/docker-engine/deb/docker-ce.postinst | 24 +++++++ pkg/docker-engine/deb/rules | 15 ++--- pkg/docker-engine/rpm/docker-ce.spec | 65 +++++++++++++------ 5 files changed, 78 insertions(+), 30 deletions(-) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index d8b2efeb..7371b135 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service 
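Review bot: The new first line of `%description` reads `Docker is is a product for you to build, ship and run any application as a`, with a doubled `is`. It should be `Docker is a product for you to build, ship and run any application as a`, which is also the wording the deb `control` file uses.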
@@ -9,9 +9,8 @@ Wants=network-online.target # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker -ExecStart=/usr/bin/dockerd +ExecStart=/usr/bin/dockerd -H unix:// ExecReload=/bin/kill -s HUP $MAINPID -ExecStopPost=/usr/bin/dockerd post-stop TimeoutSec=0 RestartSec=2 Restart=always diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index 3af56e5f..c4d11ce8 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -6,6 +6,7 @@ Build-Depends: bash-completion, dh-apparmor, dh-systemd, libltdl-dev, + libseccomp2, make, gcc Standards-Version: 3.9.6 diff --git a/pkg/docker-engine/deb/docker-ce.postinst b/pkg/docker-engine/deb/docker-ce.postinst index eeef6ca8..9d44f046 100644 --- a/pkg/docker-engine/deb/docker-ce.postinst +++ b/pkg/docker-engine/deb/docker-ce.postinst @@ -1,6 +1,26 @@ #!/bin/sh set -e +update_dockerd() { + dbefile=/var/lib/docker/distribution_based_engine.json + URL=https://docs.docker.com/releasenote + if [ -f "${dbefile}" ] && sed -e 's/.*"platform"[ \t]*:[ \t]*"\([^"]*\)".*/\1/g' "${dbefile}"| grep -v -i community > /dev/null; then + echo + echo + echo + echo "Warning: Your engine has been activated to Docker Engine - Enterprise but you are still using Community packages" + echo "You can use the 'docker engine update' command to update your system, or switch to using the Enterprise packages." + echo "See $URL for more details." + echo + echo + echo + else + rm -f /usr/bin/dockerd + update-alternatives --install /usr/bin/dockerd dockerd /usr/bin/dockerd-ce 1 --slave \ + ${dbefile} distribution_based_engine.json /var/lib/docker/distribution_based_engine-ce.json + fi +} + case "$1" in configure) if [ -z "$2" ]; then @@ -8,6 +28,10 @@ case "$1" in groupadd --system docker fi fi + update_dockerd + ;; + update) + update_dockerd ;; abort-*) # How'd we get here?? 
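Review bot: In `update_dockerd`, the `sed … | grep -v -i community` test does not isolate the platform value, because `sed` runs without `-n` and passes every line of `${dbefile}` through, so `grep -v` succeeds as soon as any line lacks the word "community". If the JSON file spans more than one line (its layout is not visible here), the Enterprise warning branch is always taken and the `update-alternatives --install` that creates `/usr/bin/dockerd` never runs. Printing only the captured value fixes this: `sed -n 's/.*"platform"[ \t]*:[ \t]*"\([^"]*\)".*/\1/p' "${dbefile}" | grep -q -v -i community`. `${dbefile}` should also be quoted in the `--slave` argument, and the `update)` arm of the `case` appears unreachable, since dpkg does not call postinst with that argument. The same test is copied into `%post` and `%posttrans` of `rpm/docker-ce.spec` later in this patch.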
diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 3d16bd5c..26d35b8d 100644 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules @@ -10,8 +10,6 @@ override_dh_gencontrol: override_dh_auto_build: cd /go/src/github.com/docker/cli && \ LDFLAGS='' DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages - cd /go/src/github.com/crosbymichael/containerd-proxy && \ - make SCOPE_LABEL="com.docker/containerd-proxy.scope" ANY_SCOPE="ee" bin/containerd-proxy override_dh_strip: # Go has lots of problems with stripping, so just don't 
@@ -22,20 +20,19 @@ override_dh_auto_install: install -D -m 0644 /go/src/github.com/docker/cli/contrib/completion/zsh/_docker debian/docker-ce-cli/usr/share/zsh/vendor-completions/_docker install -D -m 0755 /go/src/github.com/docker/cli/build/docker debian/docker-ce-cli/usr/bin/docker # docker-ce install - install -D -m 0755 /go/src/github.com/crosbymichael/containerd-proxy/bin/containerd-proxy debian/docker-ce/usr/bin/dockerd - install -D -m 0644 /containerd-shim-process-v1 debian/docker-ce/usr/sbin/containerd-shim-process-v1 - install -D -m 0644 /sources/engine.tar debian/docker-ce/var/lib/docker-engine/engine.tar install -D -m 0644 /sources/docker.service debian/docker-ce/lib/systemd/system/docker.service - install -D -m 0644 /sources/dockerd.json debian/docker-ce/etc/containerd-proxy/dockerd.json + install -D -m 0755 /source/dockerd debian/docker-ce/usr/bin/dockerd-ce + install -D -m 0755 /source/docker-proxy debian/docker-ce/usr/bin/docker-proxy + install -D -m 0755 /source/docker-init debian/docker-ce/usr/bin/docker-init + install -D -m 0644 /sources/distribution_based_engine.json debian/docker-ce/var/lib/docker/distribution_based_engine-ce.json +override_dh_shlibdeps: + dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info override_dh_install: dh_install # TODO Can we do this from within our container? dh_apparmor --profile-name=docker-ce -pdocker-ce -override_dh_shlibdeps: - dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info - %: dh $@ --with=bash-completion $(shell command -v dh_systemd_enable > /dev/null 2>&1 && echo --with=systemd) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 3be4cb45..2c7fb97e 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec 
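Review bot: The three binaries added under `# docker-ce install` are read from `/source/…`, while `docker.service` and `distribution_based_engine.json` in the same target come from `/sources/…`, and the RPM spec in this patch installs the same binaries from `/sources/dockerd`. If the two roots are distinct on purpose, a comment above the lines should say so, along the lines of `# /source: prebuilt engine binaries; /sources: packaging files`; if they are not, the deb build fails or picks up a stale file. The package now ships prebuilt `dockerd`, `docker-proxy` and `docker-init` instead of compiling them, so it would also help to check them against a recorded digest before `install`, for example `sha256sum -c <checksums-file>` (placeholder name). That keeps an unexpected artifact from being packaged silently.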
@@ -1,12 +1,11 @@ %global debug_package %{nil} + Name: docker-ce Version: %{_version} Release: %{_release}%{?dist} Epoch: 3 -Source0: containerd-proxy.tgz -Source1: docker.service -Source2: engine.tar +Source0: docker.service Summary: The open-source application container engine Group: Tools/Docker License: ASL 2.0 
@@ -49,31 +48,23 @@ for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider. %prep -%setup -q -c -n src %build -# dockerd proxy compilation -mkdir -p /go/src/github.com/crosbymichael/ -ls %{_topdir}/BUILD/src -ln -s %{_topdir}/BUILD/src/containerd-proxy /go/src/github.com/crosbymichael/containerd-proxy -pushd /go/src/github.com/crosbymichael/containerd-proxy -make SCOPE_LABEL="com.docker/containerd-proxy.scope" ANY_SCOPE="ee" bin/containerd-proxy -popd %install # Install containerd-proxy as dockerd -install -D -m 0755 %{_topdir}/BUILD/src/containerd-proxy/bin/containerd-proxy $RPM_BUILD_ROOT/%{_bindir}/dockerd -install -D -m 0644 %{_topdir}/SOURCES/engine.tar $RPM_BUILD_ROOT/%{_sharedstatedir}/docker-engine/engine.tar +install -D -m 0755 /sources/dockerd $RPM_BUILD_ROOT/%{_bindir}/dockerd-ce +install -D -m 0755 /sources/docker-proxy $RPM_BUILD_ROOT/%{_bindir}/docker-proxy +install -D -m 0755 /sources/docker-init $RPM_BUILD_ROOT/%{_bindir}/docker-init install -D -m 0644 %{_topdir}/SOURCES/docker.service $RPM_BUILD_ROOT/%{_unitdir}/docker.service -install -D -m 0644 %{_topdir}/SOURCES/dockerd.json $RPM_BUILD_ROOT/etc/containerd-proxy/dockerd.json -install -D -m 0755 /containerd-shim-process-v1 $RPM_BUILD_ROOT/%{_sbindir}/containerd-shim-process-v1 +install -D -m 0644 %{_topdir}/SOURCES/distribution_based_engine.json $RPM_BUILD_ROOT/var/lib/docker/distribution_based_engine-ce.json %files -/%{_bindir}/dockerd -/%{_sbindir}/containerd-shim-process-v1 -/%{_sharedstatedir}/docker-engine/engine.tar +/%{_bindir}/dockerd-ce +/%{_bindir}/docker-proxy +/%{_bindir}/docker-init /%{_unitdir}/docker.service -/etc/containerd-proxy/dockerd.json +/var/lib/docker/distribution_based_engine-ce.json %pre if [ $1 -gt 0 ] ; then 
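Review bot: The context comment `# Install containerd-proxy as dockerd` at the top of `%install` is now wrong, because the lines added below it install `/sources/dockerd` as `%{_bindir}/dockerd-ce` and nothing in the package installs `%{_bindir}/dockerd` any more. I would replace it with `# Install the engine binary as dockerd-ce; the scriptlets register it as the dockerd alternative`. `%{_bindir}/dockerd` is also absent from `%files`, so the path exists only as a result of the scriptlets, and a short comment should state that this is intentional. The hunk ends on the first line of `%pre`, so the rest of that scriptlet is not visible here.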
@@ -94,15 +85,51 @@ fi if ! getent group docker > /dev/null; then groupadd --system docker fi +dbefile=/var/lib/docker/distribution_based_engine.json +URL=https://docs.docker.com/releasenote +if [ -f "${dbefile}" ] && sed -e 's/.*"platform"[ \t]*:[ \t]*"\([^"]*\)".*/\1/g' "${dbefile}"| grep -v -i community > /dev/null; then + echo + echo + echo + echo "Warning: Your engine has been activated to Docker Engine - Enterprise but you are still using Community packages" + echo "You can use the 'docker engine update' command to update your system, or switch to using the Enterprise packages." + echo "See $URL for more details." + echo + echo + echo +else + rm -f %{_bindir}/dockerd + update-alternatives --install %{_bindir}/dockerd dockerd %{_bindir}/dockerd-ce 1 \ + --slave "${dbefile}" distribution_based_engine.json /var/lib/docker/distribution_based_engine-ce.json +fi + %preun %systemd_preun docker +update-alternatives --remove dockerd %{_bindir}/dockerd || true %postun %systemd_postun_with_restart docker %posttrans if [ $1 -ge 0 ] ; then + dbefile=/var/lib/docker/distribution_based_engine.json + URL=https://docs.docker.com/releasenote + if [ -f "${dbefile}" ] && sed -e 's/.*"platform"[ \t]*:[ \t]*"\([^"]*\)".*/\1/g' "${dbefile}"| grep -v -i community > /dev/null; then + echo + echo + echo + echo "Warning: Your engine has been activated to Docker Engine - Enterprise but you are still using Community packages" + echo "You can use the 'docker engine update' command to update your system, or switch to using the Enterprise packages." + echo "See $URL for more details." + echo + echo + echo + else + rm -f %{_bindir}/dockerd + update-alternatives --install %{_bindir}/dockerd dockerd %{_bindir}/dockerd-ce 1 \ + --slave "${dbefile}" distribution_based_engine.json /var/lib/docker/distribution_based_engine-ce.json + fi # package upgrade scenario, after new files are installed # check if docker was running before upgrade 
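Review bot: The `%preun` line `update-alternatives --remove dockerd %{_bindir}/dockerd || true` passes the link path, but the alternative registered in `%post` is `%{_bindir}/dockerd-ce`, so the removal never matches and `|| true` hides the failure. It should be `update-alternatives --remove dockerd %{_bindir}/dockerd-ce || true`. Since `%preun` also runs during upgrades, it likely needs an `if [ $1 -eq 0 ]` guard as well, so that only a real uninstall drops the alternative. The detection block is duplicated verbatim in `%post` and `%posttrans`, and the `if [ $1 -ge 0 ]` test around the second copy is always true. The hunk ends inside the `%posttrans` scriptlet, so the rest of that block is not visible here.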
From dcb71ed45439bde93ce6c3be64913bbee88f19da Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Wed, 26 Sep 2018 18:15:23 +0000 Subject: [PATCH 051/126] Remove Environment, not needed anymore Signed-off-by: Eli Uriegas --- pkg/docker-engine/common/systemd/docker.service | 3 --- 1 file changed, 3 deletions(-) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index 7371b135..8f4c7d11 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service @@ -25,9 +25,6 @@ StartLimitBurst=3 # this option work for either version of systemd. StartLimitInterval=60s -# /opt/containerd/bin is in front so dockerd grabs the correct runc binary -Environment="PATH=/opt/containerd/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. LimitNOFILE=infinity From 534331db21711af406173e215d66de6d2ae39afb Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Wed, 26 Sep 2018 21:39:28 +0000 Subject: [PATCH 052/126] Fix debian package upgrade scenarios Epoch needs to be included in the Replaces / Breaks sections Signed-off-by: Eli Uriegas --- pkg/docker-engine/deb/control | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index c4d11ce8..58f8e99e 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control 
@@ -42,7 +42,8 @@ Package: docker-ce-cli Architecture: linux-any Depends: ${shlibs:Depends} Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs -Breaks: docker-ce (<< 18.06~) +Replaces: docker-ce (<< 5:18.09) +Breaks: docker-ce (<< 5:18.09) Description: Docker CLI: the open-source application container engine Docker is a product for you to build, ship and run any application as a lightweight container From 7f9396bda08a4727732fcf77559cd95f177da193 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Wed, 26 Sep 2018 22:20:25 +0000 Subject: [PATCH 053/126] Change metadata to be stored in docker-engine People blow away `/var/lib/docker` all the time so we probably shouldn't store important data there. Signed-off-by: Eli Uriegas --- pkg/docker-engine/deb/docker-ce.postinst | 4 ++-- pkg/docker-engine/deb/rules | 2 +- pkg/docker-engine/rpm/docker-ce.spec | 12 ++++++------ 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/pkg/docker-engine/deb/docker-ce.postinst b/pkg/docker-engine/deb/docker-ce.postinst index 9d44f046..d2526764 100644 --- a/pkg/docker-engine/deb/docker-ce.postinst +++ b/pkg/docker-engine/deb/docker-ce.postinst @@ -2,7 +2,7 @@ set -e update_dockerd() { - dbefile=/var/lib/docker/distribution_based_engine.json + dbefile=/var/lib/docker-engine/distribution_based_engine.json URL=https://docs.docker.com/releasenote if [ -f "${dbefile}" ] && sed -e 's/.*"platform"[ \t]*:[ \t]*"\([^"]*\)".*/\1/g' "${dbefile}"| grep -v -i community > /dev/null; then echo @@ -17,7 +17,7 @@ update_dockerd() { else rm -f /usr/bin/dockerd update-alternatives --install /usr/bin/dockerd dockerd /usr/bin/dockerd-ce 1 --slave \ - ${dbefile} distribution_based_engine.json /var/lib/docker/distribution_based_engine-ce.json + ${dbefile} distribution_based_engine.json /var/lib/docker-engine/distribution_based_engine-ce.json fi } 
diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 26d35b8d..ed96288a 100644 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules @@ -24,7 +24,7 @@ override_dh_auto_install: install -D -m 0755 /source/dockerd debian/docker-ce/usr/bin/dockerd-ce install -D -m 0755 /source/docker-proxy debian/docker-ce/usr/bin/docker-proxy install -D -m 0755 /source/docker-init debian/docker-ce/usr/bin/docker-init - install -D -m 0644 /sources/distribution_based_engine.json debian/docker-ce/var/lib/docker/distribution_based_engine-ce.json + install -D -m 0644 /sources/distribution_based_engine.json debian/docker-ce/var/lib/docker-engine/distribution_based_engine-ce.json override_dh_shlibdeps: dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 2c7fb97e..062c374a 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -57,14 +57,14 @@ install -D -m 0755 /sources/dockerd $RPM_BUILD_ROOT/%{_bindir}/dockerd-ce install -D -m 0755 /sources/docker-proxy $RPM_BUILD_ROOT/%{_bindir}/docker-proxy install -D -m 0755 /sources/docker-init $RPM_BUILD_ROOT/%{_bindir}/docker-init install -D -m 0644 %{_topdir}/SOURCES/docker.service $RPM_BUILD_ROOT/%{_unitdir}/docker.service -install -D -m 0644 %{_topdir}/SOURCES/distribution_based_engine.json $RPM_BUILD_ROOT/var/lib/docker/distribution_based_engine-ce.json +install -D -m 0644 %{_topdir}/SOURCES/distribution_based_engine.json $RPM_BUILD_ROOT/var/lib/docker-engine/distribution_based_engine-ce.json %files /%{_bindir}/dockerd-ce /%{_bindir}/docker-proxy /%{_bindir}/docker-init /%{_unitdir}/docker.service -/var/lib/docker/distribution_based_engine-ce.json +/var/lib/docker-engine/distribution_based_engine-ce.json %pre if [ $1 -gt 0 ] ; then 
@@ -85,7 +85,7 @@ fi if ! getent group docker > /dev/null; then groupadd --system docker fi -dbefile=/var/lib/docker/distribution_based_engine.json +dbefile=/var/lib/docker-engine/distribution_based_engine.json URL=https://docs.docker.com/releasenote if [ -f "${dbefile}" ] && sed -e 's/.*"platform"[ \t]*:[ \t]*"\([^"]*\)".*/\1/g' "${dbefile}"| grep -v -i community > /dev/null; then echo @@ -100,7 +100,7 @@ if [ -f "${dbefile}" ] && sed -e 's/.*"platform"[ \t]*:[ \t]*"\([^"]*\)".*/\1/g' else rm -f %{_bindir}/dockerd update-alternatives --install %{_bindir}/dockerd dockerd %{_bindir}/dockerd-ce 1 \ - --slave "${dbefile}" distribution_based_engine.json /var/lib/docker/distribution_based_engine-ce.json + --slave "${dbefile}" distribution_based_engine.json /var/lib/docker-engine/distribution_based_engine-ce.json fi @@ -113,7 +113,7 @@ update-alternatives --remove dockerd %{_bindir}/dockerd || true %posttrans if [ $1 -ge 0 ] ; then - dbefile=/var/lib/docker/distribution_based_engine.json + dbefile=/var/lib/docker-engine/distribution_based_engine.json URL=https://docs.docker.com/releasenote if [ -f "${dbefile}" ] && sed -e 's/.*"platform"[ \t]*:[ \t]*"\([^"]*\)".*/\1/g' "${dbefile}"| grep -v -i community > /dev/null; then echo @@ -128,7 +128,7 @@ if [ $1 -ge 0 ] ; then else rm -f %{_bindir}/dockerd update-alternatives --install %{_bindir}/dockerd dockerd %{_bindir}/dockerd-ce 1 \ - --slave "${dbefile}" distribution_based_engine.json /var/lib/docker/distribution_based_engine-ce.json + --slave "${dbefile}" distribution_based_engine.json /var/lib/docker-engine/distribution_based_engine-ce.json fi # package upgrade scenario, after new files are installed From c373b85461e59215e79678a1105ab32f93024bd0 Mon Sep 17 00:00:00 2001 From: Valentin Kulesh Date: Mon, 8 Oct 2018 21:51:09 +0300 Subject: [PATCH 054/126] Restore `Type=notify` in Systemd unit Signed-off-by: Valentin Kulesh --- pkg/docker-engine/common/systemd/docker.service | 1 + 1 file changed, 1 insertion(+) 
diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index 8f4c7d11..41b3849a 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service @@ -6,6 +6,7 @@ After=network-online.target firewalld.service Wants=network-online.target [Service] +Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker From c8bf9fa3c76a1a49cd15dea79b1835d89d123347 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Mon, 15 Oct 2018 21:11:54 +0000 Subject: [PATCH 055/126] Change replaces/breaks to have compat with nightly Nightly builds wouldn't install correctly since our versioning scheme for nightly builds is 0.0.0~ and 0 < 18. Should be backwards compatible with 18.09 builds so there's no need to actually backport this to 18.09. Signed-off-by: Eli Uriegas --- pkg/docker-engine/deb/control | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index 58f8e99e..b2b566ea 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -42,8 +42,8 @@ Package: docker-ce-cli Architecture: linux-any Depends: ${shlibs:Depends} Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs -Replaces: docker-ce (<< 5:18.09) -Breaks: docker-ce (<< 5:18.09) +Replaces: docker-ce (<< 5:0) +Breaks: docker-ce (<< 5:0) Description: Docker CLI: the open-source application container engine Docker is a product for you to build, ship and run any application as a lightweight container From 55254c5c1fafad50c065f4275b66d4ec9847413f Mon Sep 17 00:00:00 2001 
From: Eli Uriegas Date: Thu, 8 Nov 2018 18:57:49 +0000 Subject: [PATCH 056/126] Add the docker.socket back in Re-adds the docker.socket file for debian based distributions. Signed-off-by: Eli Uriegas --- .../common/systemd/00-socket-activation.conf | 7 +++++++ pkg/docker-engine/common/systemd/docker.service | 2 +- pkg/docker-engine/common/systemd/docker.socket | 12 ++++++++++++ pkg/docker-engine/deb/rules | 2 ++ 4 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 pkg/docker-engine/common/systemd/00-socket-activation.conf create mode 100644 pkg/docker-engine/common/systemd/docker.socket diff --git a/pkg/docker-engine/common/systemd/00-socket-activation.conf b/pkg/docker-engine/common/systemd/00-socket-activation.conf new file mode 100644 index 00000000..b1ccee04 --- /dev/null +++ b/pkg/docker-engine/common/systemd/00-socket-activation.conf @@ -0,0 +1,7 @@ +[Unit] +After=docker.socket +Requires=docker.socket + +[Service] +ExecStart= +ExecStart=/usr/bin/dockerd -H fd:// diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index 41b3849a..1fcd8812 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service @@ -10,7 +10,7 @@ Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker -ExecStart=/usr/bin/dockerd -H unix:// +ExecStart=/usr/bin/dockerd ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 RestartSec=2 diff --git a/pkg/docker-engine/common/systemd/docker.socket b/pkg/docker-engine/common/systemd/docker.socket new file mode 100644 index 00000000..7dd95098 --- /dev/null +++ b/pkg/docker-engine/common/systemd/docker.socket 
@@ -0,0 +1,12 @@ +[Unit] +Description=Docker Socket for the API +PartOf=docker.service + +[Socket] +ListenStream=/var/run/docker.sock +SocketMode=0660 +SocketUser=root +SocketGroup=docker + +[Install] +WantedBy=sockets.target diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index ed96288a..d2673101 100644 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules @@ -21,6 +21,8 @@ override_dh_auto_install: install -D -m 0755 /go/src/github.com/docker/cli/build/docker debian/docker-ce-cli/usr/bin/docker # docker-ce install install -D -m 0644 /sources/docker.service debian/docker-ce/lib/systemd/system/docker.service + install -D -m 0644 /sources/docker.socket debian/docker-ce/lib/systemd/system/docker.socket + install -D -m 0644 /sources/00-socket-activation.conf debian/docker-ce/lib/systemd/system/docker.service.d/00-socket-activation.conf install -D -m 0755 /source/dockerd debian/docker-ce/usr/bin/dockerd-ce install -D -m 0755 /source/docker-proxy debian/docker-ce/usr/bin/docker-proxy install -D -m 0755 /source/docker-init debian/docker-ce/usr/bin/docker-init From 95df4a583c334fe235c93ed350e1f68d6f270dd9 Mon Sep 17 00:00:00 2001 From: Daniel Hiltgen Date: Tue, 28 Aug 2018 17:07:43 -0700 Subject: [PATCH 057/126] Add explicit dependency for libseccomp2 While testing on older ubuntu images we discovered we do depend on a newer version of libseccomp2. Signed-off-by: Daniel Hiltgen (cherry picked from commit cbbc483409b64320f7db5e4b9dd2065cca8db5fc) Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index b2b566ea..4dbded64 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control 
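Review bot: The new `docker.socket` unit gives group `docker` read/write access to the API socket (`SocketMode=0660`, `SocketGroup=docker`) with no comment on what that membership grants. Anyone who can write to this socket can direct the daemon, which runs as root, so group membership is effectively root on the host. I would add a comment above `SocketGroup=docker`, for example `# members of this group control the daemon (root-equivalent); keep membership minimal`. The unit fits entirely within the hunk, so nothing else in it needs to change.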
@@ -16,7 +16,7 @@ Vcs-Git: git://github.com/docker/docker.git Package: docker-ce Architecture: linux-any -Depends: docker-ce-cli, containerd.io, iptables, ${shlibs:Depends} +Depends: docker-ce-cli, containerd.io, iptables, libseccomp2 (>= 2.3.0), ${shlibs:Depends} Recommends: aufs-tools, ca-certificates, cgroupfs-mount | cgroup-lite, From 765cdf34a790044a6d1fb3d821d142cae47d9b72 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 28 Nov 2018 16:04:46 +0100 Subject: [PATCH 058/126] Remove containerd dependency from CLI The RPM packages list containerd as a hard dependency. While having containerd installed allows certain features (e.g., allow you to run `docker engine activate`), this should not be a requirement for installing the Docker CLI, as it limits the use of this package for situations where the CLI is installed to connect to a remote daemon. This patch removes the containerd dependency from the RPM packages (the deb packages don't have this dependency, so no change is needed in those packages) Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/rpm/docker-ce.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 062c374a..73c4ffe0 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -17,7 +17,6 @@ Requires: docker-ce-cli Requires: container-selinux >= 2.9 Requires: systemd-units Requires: iptables -# Should be required as well by docker-ce-cli but let's just be thorough Requires: containerd.io BuildRequires: which From 91cbb85848b6e9c093eab20c9cc86db08ffaaa81 Mon Sep 17 00:00:00 2001 
From: Eli Uriegas Date: Thu, 29 Nov 2018 00:47:07 +0000 Subject: [PATCH 059/126] Add socket activation for RHEL based distributions Removes the systemd drop-in unit file for socket activation and instead prefers socket activation by default for both RHEL based and DEBIAN based distributions. Socket activation for RHEL based distributions was tested on CentOS 7 and Fedora 28. Signed-off-by: Eli Uriegas --- pkg/docker-engine/common/systemd/00-socket-activation.conf | 7 ------- pkg/docker-engine/common/systemd/docker.service | 2 +- pkg/docker-engine/deb/rules | 1 - pkg/docker-engine/rpm/docker-ce.spec | 3 +++ 4 files changed, 4 insertions(+), 9 deletions(-) delete mode 100644 pkg/docker-engine/common/systemd/00-socket-activation.conf diff --git a/pkg/docker-engine/common/systemd/00-socket-activation.conf b/pkg/docker-engine/common/systemd/00-socket-activation.conf deleted file mode 100644 index b1ccee04..00000000 --- a/pkg/docker-engine/common/systemd/00-socket-activation.conf +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -After=docker.socket -Requires=docker.socket - -[Service] -ExecStart= -ExecStart=/usr/bin/dockerd -H fd:// diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index 1fcd8812..eb841d13 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service @@ -10,7 +10,7 @@ Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker -ExecStart=/usr/bin/dockerd +ExecStart=/usr/bin/dockerd -H fd:// ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 RestartSec=2 diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index d2673101..efb57d8e 100644 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules 
@@ -22,7 +22,6 @@ override_dh_auto_install: # docker-ce install install -D -m 0644 /sources/docker.service debian/docker-ce/lib/systemd/system/docker.service install -D -m 0644 /sources/docker.socket debian/docker-ce/lib/systemd/system/docker.socket - install -D -m 0644 /sources/00-socket-activation.conf debian/docker-ce/lib/systemd/system/docker.service.d/00-socket-activation.conf install -D -m 0755 /source/dockerd debian/docker-ce/usr/bin/dockerd-ce install -D -m 0755 /source/docker-proxy debian/docker-ce/usr/bin/docker-proxy install -D -m 0755 /source/docker-init debian/docker-ce/usr/bin/docker-init diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 73c4ffe0..714f470b 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -6,6 +6,7 @@ Version: %{_version} Release: %{_release}%{?dist} Epoch: 3 Source0: docker.service +Source1: docker.socket Summary: The open-source application container engine Group: Tools/Docker License: ASL 2.0 @@ -56,6 +57,7 @@ install -D -m 0755 /sources/dockerd $RPM_BUILD_ROOT/%{_bindir}/dockerd-ce install -D -m 0755 /sources/docker-proxy $RPM_BUILD_ROOT/%{_bindir}/docker-proxy install -D -m 0755 /sources/docker-init $RPM_BUILD_ROOT/%{_bindir}/docker-init install -D -m 0644 %{_topdir}/SOURCES/docker.service $RPM_BUILD_ROOT/%{_unitdir}/docker.service +install -D -m 0644 %{_topdir}/SOURCES/docker.socket $RPM_BUILD_ROOT/%{_unitdir}/docker.socket install -D -m 0644 %{_topdir}/SOURCES/distribution_based_engine.json $RPM_BUILD_ROOT/var/lib/docker-engine/distribution_based_engine-ce.json %files @@ -63,6 +65,7 @@ install -D -m 0644 %{_topdir}/SOURCES/distribution_based_engine.json $RPM_BUILD_ /%{_bindir}/docker-proxy /%{_bindir}/docker-init /%{_unitdir}/docker.service +/%{_unitdir}/docker.socket /var/lib/docker-engine/distribution_based_engine-ce.json %pre From 3e74370a429ed051bfb4f6330d9a33a4055d7f4a Mon Sep 17 00:00:00 2001 
From: Eli Uriegas Date: Mon, 3 Dec 2018 19:14:10 +0000 Subject: [PATCH 060/126] Add docker.socket requirement for docker.service Without this the docker.socket would not start by default when starting the docker.service leading to failures to start. Signed-off-by: Eli Uriegas --- pkg/docker-engine/common/systemd/docker.service | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index eb841d13..9cc6216d 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service @@ -4,6 +4,7 @@ Documentation=https://docs.docker.com BindsTo=containerd.service After=network-online.target firewalld.service Wants=network-online.target +Requires=docker.socket [Service] Type=notify From 201795ae1c75f5c3bb4c93fde5d909f4f2dd13e4 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 28 Nov 2018 15:22:19 +0100 Subject: [PATCH 061/126] Add libseccomp requirement for rpm packages This requirement was originally added in 86f76496ce33bd6eff1737348bc44add4723ddd2, but got removed in the migration to the new image-based packaging. Commit cbbc483409b64320f7db5e4b9dd2065cca8db5fc added this requirement back for `.deb` packages, but did not include the same changes for RPMs. This patch adds back the requirement for RPM packages as well. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit c92761f4282c9cc23248f88a192b06826a0239d4) Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/rpm/docker-ce.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 714f470b..e35faa9d 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -16,6 +16,7 @@ Packager: Docker Requires: docker-ce-cli Requires: container-selinux >= 2.9 +Requires: libseccomp >= 2.3 Requires: systemd-units Requires: iptables Requires: containerd.io 
From 362215a59efaba56dbad53f3fb56576ddadf3662 Mon Sep 17 00:00:00 2001 From: Olaf Meeuwissen Date: Sun, 23 Dec 2018 16:55:40 +0900 Subject: [PATCH 062/126] Restore SysVinit and Upstart support This was removed in 4cd84c8dd23794dd51038960aa354e238ac3b886. The removal breaks usage on Debian derivatives that do not use systemd (see https://github.com/docker/for-linux/issues/482). (cherry picked from commit c6b86c49786dc67604bd0f9bc5f2017a63068334) Signed-off-by: Eli Uriegas --- .../deb/docker-ce.docker.default | 20 +++ pkg/docker-engine/deb/docker-ce.docker.init | 156 ++++++++++++++++++ .../deb/docker-ce.docker.upstart | 72 ++++++++ pkg/docker-engine/deb/rules | 4 + 4 files changed, 252 insertions(+) create mode 100644 pkg/docker-engine/deb/docker-ce.docker.default create mode 100644 pkg/docker-engine/deb/docker-ce.docker.init create mode 100644 pkg/docker-engine/deb/docker-ce.docker.upstart diff --git a/pkg/docker-engine/deb/docker-ce.docker.default b/pkg/docker-engine/deb/docker-ce.docker.default new file mode 100644 index 00000000..c4e93199 --- /dev/null +++ b/pkg/docker-engine/deb/docker-ce.docker.default @@ -0,0 +1,20 @@ +# Docker Upstart and SysVinit configuration file + +# +# THIS FILE DOES NOT APPLY TO SYSTEMD +# +# Please see the documentation for "systemd drop-ins": +# https://docs.docker.com/engine/admin/systemd/ +# + +# Customize location of Docker binary (especially for development testing). +#DOCKERD="/usr/local/bin/dockerd" + +# Use DOCKER_OPTS to modify the daemon startup options. +#DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4" + +# If you need Docker to use an HTTP proxy, it can also be specified here. +#export http_proxy="http://127.0.0.1:3128/" + +# This is also a handy place to tweak where Docker's temporary files go. +#export DOCKER_TMPDIR="/mnt/bigdrive/docker-tmp" diff --git a/pkg/docker-engine/deb/docker-ce.docker.init b/pkg/docker-engine/deb/docker-ce.docker.init new file mode 100644 index 00000000..9c8fa6be --- /dev/null 
+++ b/pkg/docker-engine/deb/docker-ce.docker.init 
@@ -0,0 +1,156 @@
+#!/bin/sh
+set -e
+
+### BEGIN INIT INFO
+# Provides: docker
+# Required-Start: $syslog $remote_fs
+# Required-Stop: $syslog $remote_fs
+# Should-Start: cgroupfs-mount cgroup-lite
+# Should-Stop: cgroupfs-mount cgroup-lite
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Create lightweight, portable, self-sufficient containers.
+# Description:
+# Docker is an open-source project to easily create lightweight, portable,
+# self-sufficient containers from any application. The same container that a
+# developer builds and tests on a laptop can run at scale, in production, on
+# VMs, bare metal, OpenStack clusters, public clouds and more.
+### END INIT INFO
+
+export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+
+BASE=docker
+
+# modify these in /etc/default/$BASE (/etc/default/docker)
+DOCKERD=/usr/bin/dockerd
+# This is the pid file managed by docker itself
+DOCKER_PIDFILE=/var/run/$BASE.pid
+# This is the pid file created/managed by start-stop-daemon
+DOCKER_SSD_PIDFILE=/var/run/$BASE-ssd.pid
+DOCKER_LOGFILE=/var/log/$BASE.log
+DOCKER_OPTS=
+DOCKER_DESC="Docker"
+
+# Get lsb functions
+. /lib/lsb/init-functions
+
+if [ -f /etc/default/$BASE ]; then
+ . /etc/default/$BASE
+fi
+
+# Check docker is present
+if [ ! -x $DOCKERD ]; then
+ log_failure_msg "$DOCKERD not present or not executable"
+ exit 1
+fi
+
+check_init() {
+ # see also init_is_upstart in /lib/lsb/init-functions (which isn't available in Ubuntu 12.04, or we'd use it directly)
+ if [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; then
+ log_failure_msg "$DOCKER_DESC is managed via upstart, try using service $BASE $1"
+ exit 1
+ fi
+}
+
+fail_unless_root() {
+ if [ "$(id -u)" != '0' ]; then
+ log_failure_msg "$DOCKER_DESC must be run as root"
+ exit 1
+ fi
+}
+
+cgroupfs_mount() {
+ # see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
+ if grep -v '^#' /etc/fstab | grep -q cgroup \
+ || [ ! -e /proc/cgroups ] \
+ || [ ! -d /sys/fs/cgroup ]; then
+ return
+ fi
+ if ! mountpoint -q /sys/fs/cgroup; then
+ mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+ fi
+ (
+ cd /sys/fs/cgroup
+ for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+ mkdir -p $sys
+ if ! mountpoint -q $sys; then
+ if ! mount -n -t cgroup -o $sys cgroup $sys; then
+ rmdir $sys || true
+ fi
+ fi
+ done
+ )
+}
+
+case "$1" in
+ start)
+ check_init
+
+ fail_unless_root
+
+ cgroupfs_mount
+
+ touch "$DOCKER_LOGFILE"
+ chgrp docker "$DOCKER_LOGFILE"
+
+ ulimit -n 1048576
+
+ # Having non-zero limits causes performance problems due to accounting overhead
+ # in the kernel. We recommend using cgroups to do container-local accounting.
+ if [ "$BASH" ]; then
+ ulimit -u unlimited
+ else
+ ulimit -p unlimited
+ fi
+
+ log_begin_msg "Starting $DOCKER_DESC: $BASE"
+ start-stop-daemon --start --background \
+ --no-close \
+ --exec "$DOCKERD" \
+ --pidfile "$DOCKER_SSD_PIDFILE" \
+ --make-pidfile \
+ -- \
+ -p "$DOCKER_PIDFILE" \
+ $DOCKER_OPTS \
+ >> "$DOCKER_LOGFILE" 2>&1
+ log_end_msg $?
+ ;;
+
+ stop)
+ check_init
+ fail_unless_root
+ if [ -f "$DOCKER_SSD_PIDFILE" ]; then
+ log_begin_msg "Stopping $DOCKER_DESC: $BASE"
+ start-stop-daemon --stop --pidfile "$DOCKER_SSD_PIDFILE" --retry 10
+ log_end_msg $?
+ else
+ log_warning_msg "Docker already stopped - file $DOCKER_SSD_PIDFILE not found."
+ fi
+ ;;
+
+ restart)
+ check_init
+ fail_unless_root
+ docker_pid=`cat "$DOCKER_SSD_PIDFILE" 2>/dev/null`
+ [ -n "$docker_pid" ] \
+ && ps -p $docker_pid > /dev/null 2>&1 \
+ && $0 stop
+ $0 start
+ ;;
+
+ force-reload)
+ check_init
+ fail_unless_root
+ $0 restart
+ ;;
+
+ status)
+ check_init
+ status_of_proc -p "$DOCKER_SSD_PIDFILE" "$DOCKERD" "$DOCKER_DESC"
+ ;;
+
+ *)
+ echo "Usage: service docker {start|stop|restart|status}"
+ exit 1
+ ;;
+esac
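Review bot: In the `restart)` arm of `docker-ce.docker.init`, the `docker_pid=` assignment runs `cat "$DOCKER_SSD_PIDFILE"` under the script's `set -e`. When the pid file is absent the failed `cat` makes the assignment fail and the script exits before `$0 start` runs, so `restart` on a stopped daemon does not start it. Guarding the assignment keeps the intended fall-through: `docker_pid=$(cat "$DOCKER_SSD_PIDFILE" 2>/dev/null) || true`. Separately, `start)` creates the log with `touch` and only changes its group, so the file mode depends on the umask in effect; adding `chmod 0640 "$DOCKER_LOGFILE"` after the `chgrp` would keep daemon logs from being world-readable.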
diff --git a/pkg/docker-engine/deb/docker-ce.docker.upstart b/pkg/docker-engine/deb/docker-ce.docker.upstart
new file mode 100644
index 00000000..d58f7d6a
--- /dev/null
+++ b/pkg/docker-engine/deb/docker-ce.docker.upstart
@@ -0,0 +1,72 @@
+description "Docker daemon"
+
+start on (filesystem and net-device-up IFACE!=lo)
+stop on runlevel [!2345]
+
+limit nofile 524288 1048576
+
+# Having non-zero limits causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+limit nproc unlimited unlimited
+
+respawn
+
+kill timeout 20
+
+pre-start script
+ # see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
+ if grep -v '^#' /etc/fstab | grep -q cgroup \
+ || [ ! -e /proc/cgroups ] \
+ || [ ! -d /sys/fs/cgroup ]; then
+ exit 0
+ fi
+ if ! mountpoint -q /sys/fs/cgroup; then
+ mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+ fi
+ (
+ cd /sys/fs/cgroup
+ for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+ mkdir -p $sys
+ if ! mountpoint -q $sys; then
+ if ! mount -n -t cgroup -o $sys cgroup $sys; then
+ rmdir $sys || true
+ fi
+ fi
+ done
+ )
+end script
+
+script
+ # modify these in /etc/default/$UPSTART_JOB (/etc/default/docker)
+ DOCKERD=/usr/bin/dockerd
+ DOCKER_OPTS=
+ if [ -f /etc/default/$UPSTART_JOB ]; then
+ . /etc/default/$UPSTART_JOB
+ fi
+ exec "$DOCKERD" $DOCKER_OPTS --raw-logs
+end script
+
+# Don't emit "started" event until docker.sock is ready.
+# See https://github.com/docker/docker/issues/6647
+post-start script
+ DOCKER_OPTS=
+ DOCKER_SOCKET=
+ if [ -f /etc/default/$UPSTART_JOB ]; then
+ . /etc/default/$UPSTART_JOB
+ fi
+
+ if ! printf "%s" "$DOCKER_OPTS" | grep -qE -e '-H|--host'; then
+ DOCKER_SOCKET=/var/run/docker.sock
+ else
+ DOCKER_SOCKET=$(printf "%s" "$DOCKER_OPTS" | grep -oP -e '(-H|--host)\W*unix://\K(\S+)' | sed 1q)
+ fi
+
+ if [ -n "$DOCKER_SOCKET" ]; then
+ while ! [ -e "$DOCKER_SOCKET" ]; do
+ initctl status $UPSTART_JOB | grep -qE "(stop|respawn)/" && exit 1
+ echo "Waiting for $DOCKER_SOCKET"
+ sleep 0.1
+ done
+ echo "$DOCKER_SOCKET is up"
+ fi
+end script
diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index efb57d8e..cfe295c0 100644 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules @@ -27,6 +27,10 @@ override_dh_auto_install: install -D -m 0755 /source/docker-init debian/docker-ce/usr/bin/docker-init install -D -m 0644 /sources/distribution_based_engine.json debian/docker-ce/var/lib/docker-engine/distribution_based_engine-ce.json +override_dh_installinit: + # use "docker" as our service name, not "docker-ce" + dh_installinit --name=docker + override_dh_shlibdeps: dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info From 111ffa9abd0937163e824a371072abd11b89ecde Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Mon, 14 Jan 2019 19:55:39 +0000 Subject: [PATCH 063/126] Require a containerd version >= 1.2.2 Signed-off-by: Eli Uriegas --- pkg/docker-engine/deb/control | 2 +- pkg/docker-engine/rpm/docker-ce.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index 4dbded64..6a9dc094 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -16,7 +16,7 @@ Vcs-Git: git://github.com/docker/docker.git Package: docker-ce Architecture: linux-any -Depends: docker-ce-cli, containerd.io, iptables, libseccomp2 (>= 2.3.0), ${shlibs:Depends} +Depends: docker-ce-cli, containerd.io (>= 1.2.2), iptables, libseccomp2 (>= 2.3.0), ${shlibs:Depends} Recommends: aufs-tools, ca-certificates, cgroupfs-mount | cgroup-lite, diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index e35faa9d..314e73b9 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -19,7 +19,7 @@ Requires: container-selinux >= 2.9 Requires: libseccomp >= 2.3 Requires: systemd-units Requires: iptables -Requires: containerd.io +Requires: containerd.io >= 1.2.2 BuildRequires: which BuildRequires: make 
From 3ce815553a8f81ab27965adf05d88311a4d526e6 Mon Sep 17 00:00:00 2001 From: corbin-coleman Date: Mon, 14 Jan 2019 23:27:51 +0000 Subject: [PATCH 064/126] Start docker.service after containerd.service Signed-off-by: corbin-coleman --- pkg/docker-engine/common/systemd/docker.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index 9cc6216d..1605e289 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service @@ -2,7 +2,7 @@ Description=Docker Application Container Engine Documentation=https://docs.docker.com BindsTo=containerd.service -After=network-online.target firewalld.service +After=network-online.target firewalld.service containerd.service Wants=network-online.target Requires=docker.socket From c25e4a9a521ed92fc16f41ce0ced211231bc1121 Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Tue, 15 Jan 2019 09:13:32 -0800 Subject: [PATCH 065/126] Revert "Require a containerd.io version >= 1.2.2" --- pkg/docker-engine/deb/control | 2 +- pkg/docker-engine/rpm/docker-ce.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index 6a9dc094..4dbded64 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -16,7 +16,7 @@ Vcs-Git: git://github.com/docker/docker.git Package: docker-ce Architecture: linux-any -Depends: docker-ce-cli, containerd.io (>= 1.2.2), iptables, libseccomp2 (>= 2.3.0), ${shlibs:Depends} +Depends: docker-ce-cli, containerd.io, iptables, libseccomp2 (>= 2.3.0), ${shlibs:Depends} Recommends: aufs-tools, ca-certificates, cgroupfs-mount | cgroup-lite, diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 314e73b9..e35faa9d 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec 
@@ -19,7 +19,7 @@ Requires: container-selinux >= 2.9 Requires: libseccomp >= 2.3 Requires: systemd-units Requires: iptables -Requires: containerd.io >= 1.2.2 +Requires: containerd.io BuildRequires: which BuildRequires: make From 9c74455147b094581772c194afcf76257dc20dc7 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 28 Nov 2018 15:44:43 +0100 Subject: [PATCH 066/126] Add back requirements that were removed in the migration During the migration to "image based builds", some dependencies were removed. This patch brings back those dependencies. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 5ccc8e765cb56aeef71d65cb20ba7adc2f853a2c) Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/rpm/docker-ce.spec | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index e35faa9d..424dd405 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -19,7 +19,13 @@ Requires: container-selinux >= 2.9 Requires: libseccomp >= 2.3 Requires: systemd-units Requires: iptables +Requires: libcgroup Requires: containerd.io +Requires: tar +Requires: xz + +# Resolves: rhbz#1165615 +Requires: device-mapper-libs >= 1.02.90-1 BuildRequires: which BuildRequires: make From 14c2d5ce2c0fbdd8482d4b7ea2b254d8fee2267d Mon Sep 17 00:00:00 2001 
From: Sebastiaan van Stijn Date: Mon, 11 Feb 2019 14:28:03 +0100 Subject: [PATCH 067/126] systemd: set --containerd socket patch to prevent race-condition containerd is now running as a separate service, and should no longer be started as a managed child-process of dockerd. The dockerd service already specifies that it should be started `After` the containerd.service, but there is still a race condition, where containerd is started, but its socket is not yet created. In that situation, `dockerd` detects that the containerd socket is missing, and will start a new instance of containerd (as a managed child-process), which causes live-restore to fail. This patch explicitly sets the `--containerd` daemon option. If this option is set, `dockerd` will not start a new instance of containerd. Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/common/systemd/docker.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index 1605e289..3b658fd9 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service @@ -11,7 +11,7 @@ Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker -ExecStart=/usr/bin/dockerd -H fd:// +ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 RestartSec=2 From 63223f89fa46dcfe17db44a964394bd33f5883c5 Mon Sep 17 00:00:00 2001 From: Michael Hudson-Doyle Date: Wed, 27 Feb 2019 12:49:17 +1300 Subject: [PATCH 068/126] systemd: fix typo in TasksMax comment --- pkg/docker-engine/common/systemd/docker.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index 3b658fd9..1be9bbab 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service @@ -33,7 +33,7 @@ LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity -# Comment TasksMax if your systemd version does not supports it. +# Comment TasksMax if your systemd version does not support it. # Only systemd 226 and above support this option. TasksMax=infinity From e13da382238b82b3721f09be66f166a602bad3ad Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Tue, 5 Mar 2019 22:31:45 +0000 Subject: [PATCH 069/126] Add plugin installation for DEB and RPM Signed-off-by: Eli Uriegas --- pkg/docker-engine/deb/rules | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index cfe295c0..103b2c02 100644 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules @@ -10,6 +10,12 @@ override_dh_gencontrol: override_dh_auto_build: cd /go/src/github.com/docker/cli && \ LDFLAGS='' DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages + # Make sure to set LDFLAGS="" since, dpkg-buildflags sets it to some weird values + set -e;cd /sources && \ + tar xzf plugin-installers.tgz; \ + for installer in plugins/*.installer; do \ + LDFLAGS='' bash $${installer} build; \ + done override_dh_strip: # Go has lots of problems with stripping, so just don't 
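Review bot: The loop added to `override_dh_auto_build` in `deb/rules` runs every `plugins/*.installer` file unpacked from `plugin-installers.tgz` through `bash`, and nothing in the hunk checks the archive's contents before they execute inside the package build. The same extract-and-run pattern repeats in the `override_dh_auto_install` hunk of this commit. Where the tarball is produced is outside this diff, so it may already be pinned upstream; if it is not, verifying a known digest before `tar xzf` and adding a comment that names the archive's origin would make the trust boundary explicit. The installer path should also be quoted in both loops, e.g. `LDFLAGS='' bash "$${installer}" build; \`.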
@@ -19,6 +25,13 @@ override_dh_auto_install: install -D -m 0644 /go/src/github.com/docker/cli/contrib/completion/fish/docker.fish debian/docker-ce-cli/usr/share/fish/vendor_completions.d/docker.fish install -D -m 0644 /go/src/github.com/docker/cli/contrib/completion/zsh/_docker debian/docker-ce-cli/usr/share/zsh/vendor-completions/_docker install -D -m 0755 /go/src/github.com/docker/cli/build/docker debian/docker-ce-cli/usr/bin/docker + set -e;cd /sources && \ + tar xzf plugin-installers.tgz; \ + for installer in plugins/*.installer; do \ + DESTDIR=/root/build-deb/debian/docker-ce-cli \ + PREFIX=/usr/libexec/docker/cli-plugins \ + bash $${installer} install_plugin; \ + done # docker-ce install install -D -m 0644 /sources/docker.service debian/docker-ce/lib/systemd/system/docker.service install -D -m 0644 /sources/docker.socket debian/docker-ce/lib/systemd/system/docker.socket From e28915494200b5e1eb7b4c3b65841f61562d6d21 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Mon, 25 Mar 2019 20:01:45 +0000 Subject: [PATCH 070/126] RPM: build the daemon as part of the package Restores previous behavior when it comes to building the daemon plus its dependencies (docker-proxy, docker-init) Signed-off-by: Eli Uriegas --- pkg/docker-engine/rpm/docker-ce.spec | 91 ++++++++++++++-------------- 1 file changed, 47 insertions(+), 44 deletions(-) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 424dd405..4f91f44e 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -5,8 +5,9 @@ Name: docker-ce Version: %{_version} Release: %{_release}%{?dist} Epoch: 3 -Source0: docker.service -Source1: docker.socket +Source0: engine.tgz +Source1: docker.service +Source2: docker.socket Summary: The open-source application container engine Group: Tools/Docker License: ASL 2.0 
@@ -27,10 +28,25 @@ Requires: xz # Resolves: rhbz#1165615 Requires: device-mapper-libs >= 1.02.90-1 -BuildRequires: which -BuildRequires: make +BuildRequires: bash +BuildRequires: btrfs-progs-devel +BuildRequires: ca-certificates +BuildRequires: cmake +BuildRequires: device-mapper-devel BuildRequires: gcc +BuildRequires: git +BuildRequires: glibc-static +BuildRequires: libseccomp-devel +BuildRequires: libselinux-devel +BuildRequires: libtool +BuildRequires: libtool-ltdl-devel +BuildRequires: make +BuildRequires: pkgconfig BuildRequires: pkgconfig(systemd) +BuildRequires: selinux-policy-devel +BuildRequires: systemd-devel +BuildRequires: tar +BuildRequires: which # conflicting packages Conflicts: docker 
@@ -55,20 +71,42 @@ for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider. %prep +%setup -q -c -n src -a 0 %build +export DOCKER_GITCOMMIT=%{_gitcommit} +mkdir -p /go/src/github.com/docker +ln -s /root/rpmbuild/BUILD/src/engine /go/src/github.com/docker/docker + +pushd engine +for component in tini "proxy dynamic";do + TMP_GOPATH="/go" hack/dockerfile/install/install.sh $component +done +VERSION=%{_origversion} PRODUCT=docker hack/make.sh dynbinary +popd + +%check +engine/bundles/dynbinary-daemon/dockerd -v %install -# Install containerd-proxy as dockerd -install -D -m 0755 /sources/dockerd $RPM_BUILD_ROOT/%{_bindir}/dockerd-ce -install -D -m 0755 /sources/docker-proxy $RPM_BUILD_ROOT/%{_bindir}/docker-proxy -install -D -m 0755 /sources/docker-init $RPM_BUILD_ROOT/%{_bindir}/docker-init +# install daemon binary +install -D -p -m 0755 $(readlink -f engine/bundles/dynbinary-daemon/dockerd) $RPM_BUILD_ROOT/%{_bindir}/dockerd + +# install proxy +install -D -p -m 0755 /usr/local/bin/docker-proxy $RPM_BUILD_ROOT/%{_bindir}/docker-proxy + +# install tini +install -D -p -m 755 /usr/local/bin/docker-init $RPM_BUILD_ROOT/%{_bindir}/docker-init + +# install systemd scripts install -D -m 0644 %{_topdir}/SOURCES/docker.service $RPM_BUILD_ROOT/%{_unitdir}/docker.service install -D -m 0644 %{_topdir}/SOURCES/docker.socket $RPM_BUILD_ROOT/%{_unitdir}/docker.socket + +# install json for docker engine activate / upgrade install -D -m 0644 %{_topdir}/SOURCES/distribution_based_engine.json $RPM_BUILD_ROOT/var/lib/docker-engine/distribution_based_engine-ce.json %files -/%{_bindir}/dockerd-ce +/%{_bindir}/dockerd /%{_bindir}/docker-proxy /%{_bindir}/docker-init /%{_unitdir}/docker.service 
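Review bot: In `%build`, `ln -s /root/rpmbuild/BUILD/src/engine /go/src/github.com/docker/docker` hard-codes root's build tree. The spec therefore only builds as root with the default topdir, and the link step fails if that path already exists from an earlier run. Using the macro and a replacing link avoids both: `ln -sfn %{_builddir}/src/engine /go/src/github.com/docker/docker`. In `%install`, `docker-proxy` and `docker-init` are copied from `/usr/local/bin`, outside the build tree, so a reused build environment could package binaries left by a previous build. Presumably `install.sh` overwrites them on every run, but that is worth confirming or recording in a comment.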
@@ -94,51 +132,16 @@ fi if ! getent group docker > /dev/null; then groupadd --system docker fi -dbefile=/var/lib/docker-engine/distribution_based_engine.json -URL=https://docs.docker.com/releasenote -if [ -f "${dbefile}" ] && sed -e 's/.*"platform"[ \t]*:[ \t]*"\([^"]*\)".*/\1/g' "${dbefile}"| grep -v -i community > /dev/null; then - echo - echo - echo - echo "Warning: Your engine has been activated to Docker Engine - Enterprise but you are still using Community packages" - echo "You can use the 'docker engine update' command to update your system, or switch to using the Enterprise packages." - echo "See $URL for more details." - echo - echo - echo -else - rm -f %{_bindir}/dockerd - update-alternatives --install %{_bindir}/dockerd dockerd %{_bindir}/dockerd-ce 1 \ - --slave "${dbefile}" distribution_based_engine.json /var/lib/docker-engine/distribution_based_engine-ce.json -fi %preun %systemd_preun docker -update-alternatives --remove dockerd %{_bindir}/dockerd || true %postun %systemd_postun_with_restart docker %posttrans if [ $1 -ge 0 ] ; then - dbefile=/var/lib/docker-engine/distribution_based_engine.json - URL=https://docs.docker.com/releasenote - if [ -f "${dbefile}" ] && sed -e 's/.*"platform"[ \t]*:[ \t]*"\([^"]*\)".*/\1/g' "${dbefile}"| grep -v -i community > /dev/null; then - echo - echo - echo - echo "Warning: Your engine has been activated to Docker Engine - Enterprise but you are still using Community packages" - echo "You can use the 'docker engine update' command to update your system, or switch to using the Enterprise packages." - echo "See $URL for more details." - echo - echo - echo - else - rm -f %{_bindir}/dockerd - update-alternatives --install %{_bindir}/dockerd dockerd %{_bindir}/dockerd-ce 1 \ - --slave "${dbefile}" distribution_based_engine.json /var/lib/docker-engine/distribution_based_engine-ce.json - fi # package upgrade scenario, after new files are installed # check if docker was running before upgrade 
From 0af97685f28b27aa42b617759bfcea94c1d1194f Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Mon, 25 Mar 2019 21:53:14 +0000 Subject: [PATCH 071/126] DEB: build the daemon as part of the package Restores previous behavior when it comes to building the daemon plus its dependencies (docker-proxy, docker-init) Signed-off-by: Eli Uriegas Signed-off-by: Eli Uriegas Signed-off-by: Eli Uriegas --- pkg/docker-engine/deb/control | 15 +++++++++++++-- pkg/docker-engine/deb/docker-ce.postinst | 24 ------------------------ pkg/docker-engine/deb/rules | 19 +++++++++++++++---- 3 files changed, 28 insertions(+), 30 deletions(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index 4dbded64..dc74dd56 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -2,13 +2,24 @@ Source: docker-ce Section: admin Priority: optional Maintainer: Docker -Build-Depends: bash-completion, +Build-Depends: bash, + bash-completion, + libbtrfs-dev | btrfs-tools, + ca-certificates, + cmake, dh-apparmor, dh-systemd, + gcc, + git, + libc-dev, + libdevmapper-dev, libltdl-dev, + libseccomp-dev, libseccomp2, + libsystemd-dev, + libtool, make, - gcc + pkg-config Standards-Version: 3.9.6 Homepage: https://www.docker.com Vcs-Browser: https://github.com/docker/docker diff --git a/pkg/docker-engine/deb/docker-ce.postinst b/pkg/docker-engine/deb/docker-ce.postinst index d2526764..eeef6ca8 100644 --- a/pkg/docker-engine/deb/docker-ce.postinst +++ b/pkg/docker-engine/deb/docker-ce.postinst 
@@ -1,26 +1,6 @@ #!/bin/sh set -e -update_dockerd() { - dbefile=/var/lib/docker-engine/distribution_based_engine.json - URL=https://docs.docker.com/releasenote - if [ -f "${dbefile}" ] && sed -e 's/.*"platform"[ \t]*:[ \t]*"\([^"]*\)".*/\1/g' "${dbefile}"| grep -v -i community > /dev/null; then - echo - echo - echo - echo "Warning: Your engine has been activated to Docker Engine - Enterprise but you are still using Community packages" - echo "You can use the 'docker engine update' command to update your system, or switch to using the Enterprise packages." - echo "See $URL for more details." - echo - echo - echo - else - rm -f /usr/bin/dockerd - update-alternatives --install /usr/bin/dockerd dockerd /usr/bin/dockerd-ce 1 --slave \ - ${dbefile} distribution_based_engine.json /var/lib/docker-engine/distribution_based_engine-ce.json - fi -} - case "$1" in configure) if [ -z "$2" ]; then @@ -28,10 +8,6 @@ case "$1" in groupadd --system docker fi fi - update_dockerd - ;; - update) - update_dockerd ;; abort-*) # How'd we get here?? diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 103b2c02..58043902 100644 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules @@ -1,6 +1,7 @@ #!/usr/bin/make -f VERSION ?= $(shell cat engine/VERSION) +DOCKER_GOPATH := /go/src/github.com/docker override_dh_gencontrol: # if we're on Ubuntu, we need to Recommends: apparmor 
@@ -8,8 +9,14 @@ override_dh_gencontrol: dh_gencontrol override_dh_auto_build: + # Build the daemon and dependencies + cd engine && PRODUCT=docker ./hack/make.sh dynbinary + cd engine && TMP_GOPATH="/go" hack/dockerfile/install/install.sh tini + cd engine && TMP_GOPATH="/go" hack/dockerfile/install/install.sh proxy dynamic + # Build the CLI cd /go/src/github.com/docker/cli && \ LDFLAGS='' DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages + # Build the CLI plugins # Make sure to set LDFLAGS="" since, dpkg-buildflags sets it to some weird values set -e;cd /sources && \ tar xzf plugin-installers.tgz; \ @@ -17,6 +24,10 @@ override_dh_auto_build: LDFLAGS='' bash $${installer} build; \ done +override_dh_auto_test: + ./engine/bundles/dynbinary-daemon/dockerd -v + ./cli/build/docker -v + override_dh_strip: # Go has lots of problems with stripping, so just don't 
@@ -35,10 +46,10 @@ override_dh_auto_install: # docker-ce install install -D -m 0644 /sources/docker.service debian/docker-ce/lib/systemd/system/docker.service install -D -m 0644 /sources/docker.socket debian/docker-ce/lib/systemd/system/docker.socket - install -D -m 0755 /source/dockerd debian/docker-ce/usr/bin/dockerd-ce - install -D -m 0755 /source/docker-proxy debian/docker-ce/usr/bin/docker-proxy - install -D -m 0755 /source/docker-init debian/docker-ce/usr/bin/docker-init - install -D -m 0644 /sources/distribution_based_engine.json debian/docker-ce/var/lib/docker-engine/distribution_based_engine-ce.json + install -D -m 0755 $(shell readlink -e engine/bundles/dynbinary-daemon/dockerd) debian/docker-ce/usr/bin/dockerd + install -D -m 0755 /usr/local/bin/docker-proxy debian/docker-ce/usr/bin/docker-proxy + install -D -m 0755 /usr/local/bin/docker-init debian/docker-ce/usr/bin/docker-init + install -D -m 0644 /sources/distribution_based_engine.json debian/docker-ce/var/lib/docker-engine/distribution_based_engine.json override_dh_installinit: # use "docker" as our service name, not "docker-ce" From 4d345d407c509b756a6861b55de4f3eb55461ec6 Mon Sep 17 00:00:00 2001 From: Philipp Homann Date: Wed, 22 May 2019 15:17:14 +0200 Subject: [PATCH 072/126] rpm lacks dependency to groupadd --- pkg/docker-engine/rpm/docker-ce.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 4f91f44e..31531007 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -15,6 +15,7 @@ URL: https://www.docker.com Vendor: Docker Packager: Docker +Requires: /usr/sbin/groupadd Requires: docker-ce-cli Requires: container-selinux >= 2.9 Requires: libseccomp >= 2.3 From 4a7783434dbb6c871b94f7aa0409c5279c7d2dcc Mon Sep 17 00:00:00 2001 
From: Sebastiaan van Stijn Date: Tue, 25 Jun 2019 11:28:30 +0200 Subject: [PATCH 073/126] require container-selinux >= 2.74 version 2.9 is really old; this sets the same minimal version as is used for the containerd.io package Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/rpm/docker-ce.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 4f91f44e..3a24bbd5 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -16,7 +16,7 @@ Vendor: Docker Packager: Docker Requires: docker-ce-cli -Requires: container-selinux >= 2.9 +Requires: container-selinux >= 2:2.74 Requires: libseccomp >= 2.3 Requires: systemd-units Requires: iptables From faaf0e23bfbc738b80c8048bbcd5f97f5e951b63 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 25 Jun 2019 11:22:14 +0200 Subject: [PATCH 074/126] Sync RPM Spec with EE - systemd-units -> systemd (taken from 8bb1f0a7a395dfd979cd410b26ef47e55433de32) - some wording changes (taken from a8c522a7c22c34dc354e91941377a4aadc3ddc4c) Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/rpm/docker-ce.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 4f91f44e..b515b97f 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -18,7 +18,7 @@ Packager: Docker Requires: docker-ce-cli Requires: container-selinux >= 2.9 Requires: libseccomp >= 2.3 -Requires: systemd-units +Requires: systemd Requires: iptables Requires: libcgroup Requires: containerd.io 
@@ -60,7 +60,7 @@ Obsoletes: docker-engine-selinux Obsoletes: docker-engine %description -Docker is is a product for you to build, ship and run any application as a +Docker is a product for you to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means @@ -74,6 +74,7 @@ depending on a particular stack or provider. %setup -q -c -n src -a 0 %build + export DOCKER_GITCOMMIT=%{_gitcommit} mkdir -p /go/src/github.com/docker ln -s /root/rpmbuild/BUILD/src/engine /go/src/github.com/docker/docker @@ -133,7 +134,6 @@ if ! getent group docker > /dev/null; then groupadd --system docker fi - %preun %systemd_preun docker From c8c1d5551688bef2a2008b9a0b6b987509660e6d Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 25 Jun 2019 12:18:58 +0200 Subject: [PATCH 075/126] Remove the pre and posttrans, they weren't useful On some distros we were encountering errors where `$1` was not being populated for the 'pre' and 'posttrans' rpm macros, upon closer inspection it isn't exactly clear why the pre and posttrans macro scripts were exactly useful since the `%systemd_postun_with_restart` does exactly what those scripts were doing. I've tidied up the systemd macros to use `docker.service` instead of `docker` which seems to function as we'd expect. taken from downstream commit 62d8413b550659a0b5318346ee2e3d7e4a50bfe1 Signed-off-by: Eli Uriegas Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/rpm/docker-ce.spec | 31 +++------------------------- 1 file changed, 3 insertions(+), 28 deletions(-) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index b515b97f..ef6bbb70 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec 
@@ -114,41 +114,16 @@ install -D -m 0644 %{_topdir}/SOURCES/distribution_based_engine.json $RPM_BUILD_ /%{_unitdir}/docker.socket /var/lib/docker-engine/distribution_based_engine-ce.json -%pre -if [ $1 -gt 0 ] ; then - # package upgrade scenario, before new files are installed - - # clear any old state - rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || : - - # check if docker service is running - if systemctl is-active docker > /dev/null 2>&1; then - systemctl stop docker > /dev/null 2>&1 || : - touch %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || : - fi -fi - %post -%systemd_post docker +%systemd_post docker.service if ! getent group docker > /dev/null; then groupadd --system docker fi %preun -%systemd_preun docker +%systemd_preun docker.service %postun -%systemd_postun_with_restart docker - -%posttrans -if [ $1 -ge 0 ] ; then - # package upgrade scenario, after new files are installed - - # check if docker was running before upgrade - if [ -f %{_localstatedir}/lib/rpm-state/docker-is-active ]; then - systemctl start docker > /dev/null 2>&1 || : - rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || : - fi -fi +%systemd_postun_with_restart docker.service %changelog From 0767e0a120b2807a6d50029d502dfd8d49bff3ef Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Fri, 8 Feb 2019 21:40:09 +0000 Subject: [PATCH 076/126] Bump containerd.io dep >= 1.2.2-3 (CVE-2019-5736) Signed-off-by: Eli Uriegas (cherry picked from commit 6066c93b9606398d8c4d420615a22608454020e5) Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/control | 2 +- pkg/docker-engine/rpm/docker-ce.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index dc74dd56..aa0e9436 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control 
@@ -27,7 +27,7 @@ Vcs-Git: git://github.com/docker/docker.git Package: docker-ce Architecture: linux-any -Depends: docker-ce-cli, containerd.io, iptables, libseccomp2 (>= 2.3.0), ${shlibs:Depends} +Depends: docker-ce-cli, containerd.io (>= 1.2.2-3), iptables, libseccomp2 (>= 2.3.0), ${shlibs:Depends} Recommends: aufs-tools, ca-certificates, cgroupfs-mount | cgroup-lite, diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index ebff29da..22ee38c6 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -21,7 +21,7 @@ Requires: libseccomp >= 2.3 Requires: systemd Requires: iptables Requires: libcgroup -Requires: containerd.io +Requires: containerd.io >= 1.2.2-3 Requires: tar Requires: xz From b8149df5f78f84a8c2ead53c59db3cd1ac8fed9d Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 10 Sep 2019 14:42:15 +0200 Subject: [PATCH 077/126] RPM spec: remove -ce suffix from distribution_based_engine JSON Noticed this failing in internal e2e tests on CentOS: ``` sudo docker engine activate --license /tmp/docker.lic unable to determine the installed engine version. Specify which engine image to update with --engine-image: open /var/lib/docker-engine/distribution_based_engine.json: no such file or directory ``` Looks lik 0af97685f28b27aa42b617759bfcea94c1d1194f changed the name of this file from `distribution_based_engine-ce.json` to `distribution_based_engine.json` (without `-ce` suffix) for the `.deb` packages, but did not update the RPM packages accordingly. Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/rpm/docker-ce.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 22ee38c6..83e8ec76 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec 
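Review bot: Neither the changed `Depends:` line in deb/control nor the `Requires: containerd.io >= 1.2.2-3` line in the spec records why the floor exists; only the commit subject ties it to CVE-2019-5736. A later tidy-up of dependency versions could lower or drop the bound without anyone noticing it is a security floor. I would add a comment line above each, for example `# containerd.io >= 1.2.2-3: minimum build carrying the CVE-2019-5736 fix, do not lower`. Presumably the fix is in the runc that containerd.io ships; confirm that and say so in the comment.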
@@ -104,7 +104,7 @@ install -D -m 0644 %{_topdir}/SOURCES/docker.service $RPM_BUILD_ROOT/%{_unitdir} install -D -m 0644 %{_topdir}/SOURCES/docker.socket $RPM_BUILD_ROOT/%{_unitdir}/docker.socket # install json for docker engine activate / upgrade -install -D -m 0644 %{_topdir}/SOURCES/distribution_based_engine.json $RPM_BUILD_ROOT/var/lib/docker-engine/distribution_based_engine-ce.json +install -D -m 0644 %{_topdir}/SOURCES/distribution_based_engine.json $RPM_BUILD_ROOT/var/lib/docker-engine/distribution_based_engine.json %files /%{_bindir}/dockerd @@ -112,7 +112,7 @@ install -D -m 0644 %{_topdir}/SOURCES/distribution_based_engine.json $RPM_BUILD_ /%{_bindir}/docker-init /%{_unitdir}/docker.service /%{_unitdir}/docker.socket -/var/lib/docker-engine/distribution_based_engine-ce.json +/var/lib/docker-engine/distribution_based_engine.json %post %systemd_post docker.service From 92fd1108ea4f7b429cc59448e4d36dd0d9f75918 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sun, 20 Oct 2019 18:06:14 +0200 Subject: [PATCH 078/126] deb: make "rules" executable ``` dpkg-buildpackage: info: source package docker-ce dpkg-buildpackage: info: source version 5:0.0.0-20191018214002-79aa6cce-0~ubuntu-bionic dpkg-buildpackage: info: source distribution bionic dpkg-buildpackage: info: source changed by Docker dpkg-buildpackage: warning: debian/rules is not executable; fixing that ``` Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/rules | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 pkg/docker-engine/deb/rules diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules old mode 100644 new mode 100755 From 1a290d5510b7d4c417316e5b5e949b7c007a9ab4 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sun, 20 Oct 2019 18:09:49 +0200 Subject: [PATCH 079/126] deb: make init and postinst files executable was not entirely sure if this was needed, but given that they are scripts, I assume they should be executable 
Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/docker-ce.docker.init | 0 pkg/docker-engine/deb/docker-ce.postinst | 0 2 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 pkg/docker-engine/deb/docker-ce.docker.init mode change 100644 => 100755 pkg/docker-engine/deb/docker-ce.postinst diff --git a/pkg/docker-engine/deb/docker-ce.docker.init b/pkg/docker-engine/deb/docker-ce.docker.init old mode 100644 new mode 100755 diff --git a/pkg/docker-engine/deb/docker-ce.postinst b/pkg/docker-engine/deb/docker-ce.postinst old mode 100644 new mode 100755 From 8ea09ed062b042f702a6f843ceafeee8859755f9 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Fri, 25 Oct 2019 18:28:34 +0000 Subject: [PATCH 080/126] deb: Only recommend aufs-tools on amd64 Signed-off-by: Eli Uriegas --- pkg/docker-engine/deb/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index aa0e9436..a540fc20 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -28,7 +28,7 @@ Vcs-Git: git://github.com/docker/docker.git Package: docker-ce Architecture: linux-any Depends: docker-ce-cli, containerd.io (>= 1.2.2-3), iptables, libseccomp2 (>= 2.3.0), ${shlibs:Depends} -Recommends: aufs-tools, +Recommends: aufs-tools [amd64], ca-certificates, cgroupfs-mount | cgroup-lite, git, From 8f96807dda46620270e1f7fdadfafb7acd584b8e Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 5 Dec 2019 14:55:10 +0100 Subject: [PATCH 081/126] Remove image-based build (for docker engine activate) Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/rules | 1 - pkg/docker-engine/rpm/docker-ce.spec | 4 ---- 2 files changed, 5 deletions(-) diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 58043902..57035dba 100755 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules 
@@ -49,7 +49,6 @@ override_dh_auto_install: install -D -m 0755 $(shell readlink -e engine/bundles/dynbinary-daemon/dockerd) debian/docker-ce/usr/bin/dockerd install -D -m 0755 /usr/local/bin/docker-proxy debian/docker-ce/usr/bin/docker-proxy install -D -m 0755 /usr/local/bin/docker-init debian/docker-ce/usr/bin/docker-init - install -D -m 0644 /sources/distribution_based_engine.json debian/docker-ce/var/lib/docker-engine/distribution_based_engine.json override_dh_installinit: # use "docker" as our service name, not "docker-ce" diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 83e8ec76..f37ccb78 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -103,16 +103,12 @@ install -D -p -m 755 /usr/local/bin/docker-init $RPM_BUILD_ROOT/%{_bindir}/docke install -D -m 0644 %{_topdir}/SOURCES/docker.service $RPM_BUILD_ROOT/%{_unitdir}/docker.service install -D -m 0644 %{_topdir}/SOURCES/docker.socket $RPM_BUILD_ROOT/%{_unitdir}/docker.socket -# install json for docker engine activate / upgrade -install -D -m 0644 %{_topdir}/SOURCES/distribution_based_engine.json $RPM_BUILD_ROOT/var/lib/docker-engine/distribution_based_engine.json - %files /%{_bindir}/dockerd /%{_bindir}/docker-proxy /%{_bindir}/docker-init /%{_unitdir}/docker.service /%{_unitdir}/docker.socket -/var/lib/docker-engine/distribution_based_engine.json %post %systemd_post docker.service From e0d798bdc4a7a9cb20f184554eb2465d235193c2 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 4 Mar 2020 09:39:20 +0100 Subject: [PATCH 082/126] deb: remove unused DOCKER_GOPATH variable This variable was added in 0af97685f28b27aa42b617759bfcea94c1d1194f but appears to be unused. Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/rules | 1 - 1 file changed, 1 deletion(-) diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 57035dba..e914b61c 100755 --- a/pkg/docker-engine/deb/rules 
+++ b/pkg/docker-engine/deb/rules @@ -1,7 +1,6 @@ #!/usr/bin/make -f VERSION ?= $(shell cat engine/VERSION) -DOCKER_GOPATH := /go/src/github.com/docker override_dh_gencontrol: # if we're on Ubuntu, we need to Recommends: apparmor From 3b578eb6e44cd0c8b15802133791033ebe314287 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 4 Mar 2020 13:19:42 +0100 Subject: [PATCH 083/126] Don't disable socket activation when stopping docker service PartOf deactivates the socket whenever the service get deactivated. The socket unit however should be active nevertheless, so that the docker service can be started again through socket activation. Based on the original patch in upstream moby/moby by Max Harmathy. Co-authored-by: Max Harmathy Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/common/systemd/docker.socket | 1 - 1 file changed, 1 deletion(-) diff --git a/pkg/docker-engine/common/systemd/docker.socket b/pkg/docker-engine/common/systemd/docker.socket index 7dd95098..9db50491 100644 --- a/pkg/docker-engine/common/systemd/docker.socket +++ b/pkg/docker-engine/common/systemd/docker.socket @@ -1,6 +1,5 @@ [Unit] Description=Docker Socket for the API -PartOf=docker.service [Socket] ListenStream=/var/run/docker.sock From 48534d0166770a2d078fa202b6007fc6f40885dc Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 20 Mar 2020 18:37:44 +0100 Subject: [PATCH 084/126] Fix CentOS 8 build - Enable PowerTools repo - Disable building btrfs, which is no longer supported on CentOS/RHEL Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/rpm/docker-ce.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index f37ccb78..335cefcd 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec 
@@ -1,5 +1,7 @@ %global debug_package %{nil} +# BTRFS is enabled by default, but can be disabled by defining _without_btrfs +%{!?_with_btrfs: %{!?_without_btrfs: %define _with_btrfs 1}} Name: docker-ce Version: %{_version} @@ -29,7 +31,7 @@ Requires: xz Requires: device-mapper-libs >= 1.02.90-1 BuildRequires: bash -BuildRequires: btrfs-progs-devel +%{?_with_btrfs:BuildRequires: btrfs-progs-devel} BuildRequires: ca-certificates BuildRequires: cmake BuildRequires: device-mapper-devel @@ -79,7 +81,7 @@ export DOCKER_GITCOMMIT=%{_gitcommit} mkdir -p /go/src/github.com/docker ln -s /root/rpmbuild/BUILD/src/engine /go/src/github.com/docker/docker -pushd engine +pushd /root/rpmbuild/BUILD/src/engine for component in tini "proxy dynamic";do TMP_GOPATH="/go" hack/dockerfile/install/install.sh $component done From e3912a926e9b51fa0d526dae2c5a960de7c12f98 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 23 Mar 2020 12:24:02 +0100 Subject: [PATCH 085/126] rpm: fix double slashes in paths The built-in macros for paths all have a leading slash, so removing slashes that were manually added before them. Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/rpm/docker-ce.spec | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 335cefcd..e66feddf 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec 
@@ -93,24 +93,24 @@ engine/bundles/dynbinary-daemon/dockerd -v %install # install daemon binary -install -D -p -m 0755 $(readlink -f engine/bundles/dynbinary-daemon/dockerd) $RPM_BUILD_ROOT/%{_bindir}/dockerd +install -D -p -m 0755 $(readlink -f engine/bundles/dynbinary-daemon/dockerd) $RPM_BUILD_ROOT%{_bindir}/dockerd # install proxy -install -D -p -m 0755 /usr/local/bin/docker-proxy $RPM_BUILD_ROOT/%{_bindir}/docker-proxy +install -D -p -m 0755 /usr/local/bin/docker-proxy $RPM_BUILD_ROOT%{_bindir}/docker-proxy # install tini -install -D -p -m 755 /usr/local/bin/docker-init $RPM_BUILD_ROOT/%{_bindir}/docker-init +install -D -p -m 755 /usr/local/bin/docker-init $RPM_BUILD_ROOT%{_bindir}/docker-init # install systemd scripts -install -D -m 0644 %{_topdir}/SOURCES/docker.service $RPM_BUILD_ROOT/%{_unitdir}/docker.service -install -D -m 0644 %{_topdir}/SOURCES/docker.socket $RPM_BUILD_ROOT/%{_unitdir}/docker.socket +install -D -m 0644 %{_topdir}/SOURCES/docker.service $RPM_BUILD_ROOT%{_unitdir}/docker.service +install -D -m 0644 %{_topdir}/SOURCES/docker.socket $RPM_BUILD_ROOT%{_unitdir}/docker.socket %files -/%{_bindir}/dockerd -/%{_bindir}/docker-proxy -/%{_bindir}/docker-init -/%{_unitdir}/docker.service -/%{_unitdir}/docker.socket +%{_bindir}/dockerd +%{_bindir}/docker-proxy +%{_bindir}/docker-init +%{_unitdir}/docker.service +%{_unitdir}/docker.socket %post %systemd_post docker.service From 006b7109e684b831a476c1de1deadd02fa224382 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 23 Mar 2020 12:27:50 +0100 Subject: [PATCH 086/126] rpm: use macros/env-vars instead of hard-coded paths Use the [built-in macros][1] and env-vars for some paths: - Use `%{_libexecdir}` macro, instead of `/usr/libexec` - Use `%{_datadir}` instead of `/usr/share` - Use `%{_specsdir}` instead of `/root/rpmbuild/SPECS` - Use `$RPM_BUILD_DIR` instead of `/root/rpmbuild/BUILD` - Use `$RPM_SOURCE_DIR` instead of `/root/rpmbuild/SOURCES` [1]: https://rpm.org/user_doc/macros.html 
Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/rpm/docker-ce.spec | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index e66feddf..e7a19063 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -79,9 +79,9 @@ depending on a particular stack or provider. export DOCKER_GITCOMMIT=%{_gitcommit} mkdir -p /go/src/github.com/docker -ln -s /root/rpmbuild/BUILD/src/engine /go/src/github.com/docker/docker +ln -s ${RPM_BUILD_DIR}/src/engine /go/src/github.com/docker/docker -pushd /root/rpmbuild/BUILD/src/engine +pushd ${RPM_BUILD_DIR}/src/engine for component in tini "proxy dynamic";do TMP_GOPATH="/go" hack/dockerfile/install/install.sh $component done @@ -102,8 +102,8 @@ install -D -p -m 0755 /usr/local/bin/docker-proxy $RPM_BUILD_ROOT%{_bindir}/dock install -D -p -m 755 /usr/local/bin/docker-init $RPM_BUILD_ROOT%{_bindir}/docker-init # install systemd scripts -install -D -m 0644 %{_topdir}/SOURCES/docker.service $RPM_BUILD_ROOT%{_unitdir}/docker.service -install -D -m 0644 %{_topdir}/SOURCES/docker.socket $RPM_BUILD_ROOT%{_unitdir}/docker.socket +install -D -m 0644 ${RPM_SOURCE_DIR}/docker.service ${RPM_BUILD_ROOT}%{_unitdir}/docker.service +install -D -m 0644 ${RPM_SOURCE_DIR}/docker.socket ${RPM_BUILD_ROOT}%{_unitdir}/docker.socket %files %{_bindir}/dockerd From 7df0b21dae7b3209ce4ef663105181274de37399 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 23 Mar 2020 13:40:30 +0100 Subject: [PATCH 087/126] rpm: consistently use curly brackets for env-vars Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/rpm/docker-ce.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index e7a19063..26992228 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec 
@@ -93,13 +93,13 @@ engine/bundles/dynbinary-daemon/dockerd -v %install # install daemon binary -install -D -p -m 0755 $(readlink -f engine/bundles/dynbinary-daemon/dockerd) $RPM_BUILD_ROOT%{_bindir}/dockerd +install -D -p -m 0755 $(readlink -f engine/bundles/dynbinary-daemon/dockerd) ${RPM_BUILD_ROOT}%{_bindir}/dockerd # install proxy -install -D -p -m 0755 /usr/local/bin/docker-proxy $RPM_BUILD_ROOT%{_bindir}/docker-proxy +install -D -p -m 0755 /usr/local/bin/docker-proxy ${RPM_BUILD_ROOT}%{_bindir}/docker-proxy # install tini -install -D -p -m 755 /usr/local/bin/docker-init $RPM_BUILD_ROOT%{_bindir}/docker-init +install -D -p -m 755 /usr/local/bin/docker-init ${RPM_BUILD_ROOT}%{_bindir}/docker-init # install systemd scripts install -D -m 0644 ${RPM_SOURCE_DIR}/docker.service ${RPM_BUILD_ROOT}%{_unitdir}/docker.service From 0df37a8f056df5cf0e924fd6b448dbddeb542047 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 1 Apr 2020 16:50:35 +0200 Subject: [PATCH 088/126] rpm: remove devicemapper requirement devicemapper is now an optional configuration, so we shouldn't make it a required dependency. Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/rpm/docker-ce.spec | 3 --- 1 file changed, 3 deletions(-) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 26992228..7badd7bc 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -27,9 +27,6 @@ Requires: containerd.io >= 1.2.2-3 Requires: tar Requires: xz -# Resolves: rhbz#1165615 -Requires: device-mapper-libs >= 1.02.90-1 - BuildRequires: bash %{?_with_btrfs:BuildRequires: btrfs-progs-devel} BuildRequires: ca-certificates From e3c8496cc166904907eb3c13806dea7eb3a13d08 Mon Sep 17 00:00:00 2001 
From: Sebastiaan van Stijn Date: Thu, 2 Apr 2020 11:31:24 +0200 Subject: [PATCH 089/126] deb: add missing format version dpkg-source: warning: no source format specified in debian/source/format, see dpkg-source(1) ... dpkg-source: info: using source format '1.0' Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/source/format | 1 + 1 file changed, 1 insertion(+) create mode 100644 pkg/docker-engine/deb/source/format diff --git a/pkg/docker-engine/deb/source/format b/pkg/docker-engine/deb/source/format new file mode 100644 index 00000000..d3827e75 --- /dev/null +++ b/pkg/docker-engine/deb/source/format @@ -0,0 +1 @@ +1.0 From fa366156133961eb8791d61b8ab3731ee2c065e9 Mon Sep 17 00:00:00 2001 From: Guillaume Lours Date: Thu, 2 Apr 2020 16:22:10 +0200 Subject: [PATCH 090/126] Replace the default common commit by a specific one for cli and engine for RPM packaging Signed-off-by: Guillaume Lours --- pkg/docker-engine/rpm/docker-ce.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 26992228..985141fc 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -77,7 +77,7 @@ depending on a particular stack or provider. %build -export DOCKER_GITCOMMIT=%{_gitcommit} +export DOCKER_GITCOMMIT=%{_gitcommit_engine} mkdir -p /go/src/github.com/docker ln -s ${RPM_BUILD_DIR}/src/engine /go/src/github.com/docker/docker From b76884bde1f27fec5e1b7c426215ca92256fbc17 Mon Sep 17 00:00:00 2001 From: Guillaume Lours Date: Fri, 3 Apr 2020 10:38:52 +0200 Subject: [PATCH 091/126] Replace the default common commit by a specific one for cli and engine for DEB packaging Signed-off-by: Guillaume Lours --- pkg/docker-engine/deb/rules | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index e914b61c..5d8705f8 100755 --- a/pkg/docker-engine/deb/rules 
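Review bot: `export DOCKER_GITCOMMIT=%{_gitcommit_engine}` has no guard for the macro being undefined, and this commit renames it, so a caller that still defines only `_gitcommit` is affected. rpm leaves a reference to an undefined macro as literal text, so the build would be stamped with the string `%{_gitcommit_engine}` instead of failing, and the shipped dockerd could not be traced back to a source commit. A line at the top of `%build`, `%{!?_gitcommit_engine: %{error: _gitcommit_engine is not defined}}`, turns that into a build failure. The deb rules hunk in the next patch (PATCH 091) has the same gap: `$(ENGINE_GITCOMMIT)` and `$(CLI_GITCOMMIT)` expand to empty strings when unset.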
+++ b/pkg/docker-engine/deb/rules @@ -9,12 +9,12 @@ override_dh_gencontrol: override_dh_auto_build: # Build the daemon and dependencies - cd engine && PRODUCT=docker ./hack/make.sh dynbinary + cd engine && DOCKER_GITCOMMIT=$(ENGINE_GITCOMMIT) PRODUCT=docker ./hack/make.sh dynbinary cd engine && TMP_GOPATH="/go" hack/dockerfile/install/install.sh tini cd engine && TMP_GOPATH="/go" hack/dockerfile/install/install.sh proxy dynamic # Build the CLI cd /go/src/github.com/docker/cli && \ - LDFLAGS='' DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages + LDFLAGS='' DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=$(VERSION) GITCOMMIT=$(CLI_GITCOMMIT) dynbinary manpages # Build the CLI plugins # Make sure to set LDFLAGS="" since, dpkg-buildflags sets it to some weird values set -e;cd /sources && \ From 2b02603b615e4dd4769929b8056b192ee633e8d9 Mon Sep 17 00:00:00 2001 From: Dmitry Makovey Date: Thu, 28 Nov 2019 10:56:11 -0700 Subject: [PATCH 092/126] RHEL8 iptables build fix (#410) add optional requirement for nftables on RHEL8+ derivatives (cherry picked from commit 1dce943c938eb326e94c96ac7cbe1939ce372cc6) Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/rpm/docker-ce.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 3ed2b2e7..74223543 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -21,7 +21,11 @@ Requires: docker-ce-cli Requires: container-selinux >= 2:2.74 Requires: libseccomp >= 2.3 Requires: systemd +%if 0%{?rhel} >= 8 +Requires: ( iptables or nftables ) +%else Requires: iptables +%endif Requires: libcgroup Requires: containerd.io >= 1.2.2-3 Requires: tar From a2114bf254e78015ee9a826166cd093c7ae84723 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 27 May 2020 15:24:45 -0700 Subject: [PATCH 093/126] Downgrade "aufs-tools" and "cgroupfs-mount" to "Suggests" 
Signed-off-by: Tianon Gravi --- pkg/docker-engine/deb/control | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index a540fc20..c41afc76 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -28,14 +28,13 @@ Vcs-Git: git://github.com/docker/docker.git Package: docker-ce Architecture: linux-any Depends: docker-ce-cli, containerd.io (>= 1.2.2-3), iptables, libseccomp2 (>= 2.3.0), ${shlibs:Depends} -Recommends: aufs-tools [amd64], - ca-certificates, - cgroupfs-mount | cgroup-lite, +Recommends: ca-certificates, git, pigz, xz-utils, libltdl7, ${apparmor:Recommends} +Suggests: aufs-tools [amd64], cgroupfs-mount | cgroup-lite Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs Replaces: docker-engine Description: Docker: the open-source application container engine From ffea7d1cfcad29e376a73c282fbed69d3ec7a7c7 Mon Sep 17 00:00:00 2001 
From: Akihiro Suda Date: Tue, 30 Jun 2020 21:10:15 +0900 Subject: [PATCH 094/126] Add docker-ce-rootless-extras deb $ dpkg -c ./docker-ce-rootless-extras_0.0.0-20200611183532-31822ff745-0~ubuntu-eoan_amd64.deb drwxr-xr-x root/root 0 2020-06-12 15:55 ./ drwxr-xr-x root/root 0 2020-06-12 15:55 ./usr/ drwxr-xr-x root/root 0 2020-06-12 15:55 ./usr/bin/ -rwxr-xr-x root/root 11724 2020-06-12 15:55 ./usr/bin/dockerd-rootless-setuptool.sh -rwxr-xr-x root/root 3138 2020-06-12 15:55 ./usr/bin/dockerd-rootless.sh -rwxr-xr-x root/root 15741392 2020-06-12 15:55 ./usr/bin/rootlesskit -rwxr-xr-x root/root 9344264 2020-06-12 15:55 ./usr/bin/rootlesskit-docker-proxy drwxr-xr-x root/root 0 2020-06-12 15:55 ./usr/share/ drwxr-xr-x root/root 0 2020-06-12 15:55 ./usr/share/doc/ drwxr-xr-x root/root 0 2020-06-12 15:55 ./usr/share/doc/docker-ce-rootless-extras/ -rw-r--r-- root/root 160 2020-06-12 15:55 ./usr/share/doc/docker-ce-rootless-extras/changelog.Debian.gz NOTE: VPNKit is not included (yet), as it takes a lot of time for compilation. We could use prebuilt VPNKit binary as we use in the static tgz, but it is only available for amd64 and in Docker image currently. This is not problematic for Ubuntu >= 19.10 and Debian >= 11, because slirp4netns is apt-installable instead of VPNKit. Signed-off-by: Akihiro Suda --- pkg/docker-engine/deb/control | 18 ++++++++++++++++++ pkg/docker-engine/deb/rules | 8 ++++++++ 2 files changed, 26 insertions(+) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index c41afc76..bfd0f257 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -33,6 +33,7 @@ Recommends: ca-certificates, pigz, xz-utils, libltdl7, + docker-ce-rootless-extras, ${apparmor:Recommends} Suggests: aufs-tools [amd64], cgroupfs-mount | cgroup-lite Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs 
@@ -64,3 +65,20 @@ Description: Docker CLI: the open-source application container engine language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider. + +Package: docker-ce-rootless-extras +Architecture: linux-any +Depends: docker-ce, ${shlibs:Depends} +Conflicts: rootlesskit +Replaces: rootlesskit +Breaks: rootlesskit +# slirp4netns (>= 0.4.0) is available in Debian since 11 and Ubuntu since 19.10 +Recommends: slirp4netns (>= 0.4.0) +# Unlike RPM, DEB packages do not contain "Recommends: fuse-overlayfs (>= 0.7.0)" here, +# because Debian (since 10) and Ubuntu support the kernel-mode rootless overlayfs. +Description: Rootless support for Docker. + Use dockerd-rootless.sh to run the daemon. + Use dockerd-rootless-setuptool.sh to setup systemd for dockerd-rootless.sh . + This package contains RootlessKit, but does not contain VPNKit. + Either VPNKit or slirp4netns (>= 0.4.0) needs to be installed separately. +Homepage: https://docs.docker.com/engine/security/rootless/ diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 5d8705f8..1e04b5f5 100755 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules @@ -12,6 +12,7 @@ override_dh_auto_build: cd engine && DOCKER_GITCOMMIT=$(ENGINE_GITCOMMIT) PRODUCT=docker ./hack/make.sh dynbinary cd engine && TMP_GOPATH="/go" hack/dockerfile/install/install.sh tini cd engine && TMP_GOPATH="/go" hack/dockerfile/install/install.sh proxy dynamic + cd engine && TMP_GOPATH="/go" hack/dockerfile/install/install.sh rootlesskit dynamic # Build the CLI cd /go/src/github.com/docker/cli && \ LDFLAGS='' DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=$(VERSION) GITCOMMIT=$(CLI_GITCOMMIT) dynbinary manpages 
@@ -49,6 +50,13 @@ override_dh_auto_install: install -D -m 0755 /usr/local/bin/docker-proxy debian/docker-ce/usr/bin/docker-proxy install -D -m 0755 /usr/local/bin/docker-init debian/docker-ce/usr/bin/docker-init + # docker-ce-rootless-extras install + install -D -m 0755 /usr/local/bin/rootlesskit debian/docker-ce-rootless-extras/usr/bin/rootlesskit + install -D -m 0755 /usr/local/bin/rootlesskit-docker-proxy debian/docker-ce-rootless-extras/usr/bin/rootlesskit-docker-proxy + install -D -m 0755 engine/contrib/dockerd-rootless.sh debian/docker-ce-rootless-extras/usr/bin/dockerd-rootless.sh + install -D -m 0755 engine/contrib/dockerd-rootless-setuptool.sh debian/docker-ce-rootless-extras/usr/bin/dockerd-rootless-setuptool.sh + # TODO: how can we install vpnkit? + override_dh_installinit: # use "docker" as our service name, not "docker-ce" dh_installinit --name=docker From c4c6cbc411be09d0ef7f455698efd13b58664d3d Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Wed, 8 Jul 2020 15:18:47 +0900 Subject: [PATCH 095/126] Add docker-ce-rootless-extras rpm Signed-off-by: Akihiro Suda --- .../rpm/docker-ce-rootless-extras.spec | 64 +++++++++++++++++++ pkg/docker-engine/rpm/docker-ce.spec | 1 + 2 files changed, 65 insertions(+) create mode 100644 pkg/docker-engine/rpm/docker-ce-rootless-extras.spec diff --git a/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec b/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec new file mode 100644 index 00000000..e52cfeca --- /dev/null +++ b/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec 
@@ -0,0 +1,64 @@ +%global debug_package %{nil} + +Name: docker-ce-rootless-extras +Version: %{_version} +Release: %{_release}%{?dist} +Epoch: 0 +Source0: engine.tgz +Summary: Rootless support for Docker +Group: Tools/Docker +License: ASL 2.0 +URL: https://docs.docker.com/engine/security/rootless/ +Vendor: Docker +Packager: Docker + +Requires: docker-ce +# slirp4netns >= 0.4 is available in the all supported versions of CentOS and Fedora. +Requires: slirp4netns >= 0.4 +# fuse-overlayfs >= 0.7 is available in the all supported versions of CentOS and Fedora. +Requires: fuse-overlayfs >= 0.7 + +BuildRequires: bash + +# conflicting packages +Conflicts: rootlesskit + +%description +Rootless support for Docker. +Use dockerd-rootless.sh to run the daemon. +Use dockerd-rootless-setuptool.sh to setup systemd for dockerd-rootless.sh . +This package contains RootlessKit, but does not contain VPNKit. +Either VPNKit or slirp4netns (>= 0.4.0) needs to be installed separately. + +%prep +%setup -q -c -n src -a 0 + +%build + +export DOCKER_GITCOMMIT=%{_gitcommit_engine} +mkdir -p /go/src/github.com/docker +ln -s ${RPM_BUILD_DIR}/src/engine /go/src/github.com/docker/docker +TMP_GOPATH="/go" ${RPM_BUILD_DIR}/src/engine/hack/dockerfile/install/install.sh rootlesskit dynamic + +%check +/usr/local/bin/rootlesskit -v + +%install +install -D -p -m 0755 engine/contrib/dockerd-rootless.sh ${RPM_BUILD_ROOT}%{_bindir}/dockerd-rootless.sh +install -D -p -m 0755 engine/contrib/dockerd-rootless-setuptool.sh ${RPM_BUILD_ROOT}%{_bindir}/dockerd-rootless-setuptool.sh +install -D -p -m 0755 /usr/local/bin/rootlesskit ${RPM_BUILD_ROOT}%{_bindir}/rootlesskit +install -D -p -m 0755 /usr/local/bin/rootlesskit-docker-proxy ${RPM_BUILD_ROOT}%{_bindir}/rootlesskit-docker-proxy + +%files +%{_bindir}/dockerd-rootless.sh +%{_bindir}/dockerd-rootless-setuptool.sh +%{_bindir}/rootlesskit +%{_bindir}/rootlesskit-docker-proxy + +%post + +%preun + +%postun + +%changelog 
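Review bot: `Requires: docker-ce` in this new spec, together with the `Requires: docker-ce-rootless-extras` that the same commit adds to docker-ce.spec, makes the two packages require each other. As a result rootlesskit and the hard `slirp4netns` and `fuse-overlayfs` requirements are installed on every host, including hosts that never run the daemon rootless. The deb packaging lists the extras under `Recommends`; if every targeted rpm version supports weak dependencies, `Recommends: docker-ce-rootless-extras` in docker-ce.spec would match it and keep the default install smaller. The `%description` also still says slirp4netns "needs to be installed separately", although it is a `Requires` here. The empty `%post`, `%preun` and `%postun` sections can be dropped.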
diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 74223543..11e80292 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -18,6 +18,7 @@ Vendor: Docker Packager: Docker Requires: docker-ce-cli +Requires: docker-ce-rootless-extras Requires: container-selinux >= 2:2.74 Requires: libseccomp >= 2.3 Requires: systemd From ce074caa01f76dbfc1b2fdff1011455ebff173de Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 23 Jul 2020 17:38:14 +0200 Subject: [PATCH 096/126] deb: add apparmor as "recommends" on Debian as well Debian did not have AppArmor available until Debian 7 "Wheezy", and not have it enabled by _default_ until Debian 10 "Buster". The packaging scripts did not add AppArmor as recommended dependency for that reason. Now that Debian 10 "Buster" is the current stable, and older releases reached EOL, we can remove the special handling for Debian/Ubuntu, and unconditionally add apparmor as a recommended dependency. Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/control | 2 +- pkg/docker-engine/deb/rules | 5 ----- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index bfd0f257..70aeff20 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -34,7 +34,7 @@ Recommends: ca-certificates, xz-utils, libltdl7, docker-ce-rootless-extras, - ${apparmor:Recommends} + apparmor Suggests: aufs-tools [amd64], cgroupfs-mount | cgroup-lite Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs Replaces: docker-engine diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 1e04b5f5..5e10188f 100755 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules 
@@ -2,11 +2,6 @@ VERSION ?= $(shell cat engine/VERSION) -override_dh_gencontrol: - # if we're on Ubuntu, we need to Recommends: apparmor - echo 'apparmor:Recommends=$(shell dpkg-vendor --is Ubuntu && echo apparmor)' >> debian/docker-ce.substvars - dh_gencontrol - override_dh_auto_build: # Build the daemon and dependencies cd engine && DOCKER_GITCOMMIT=$(ENGINE_GITCOMMIT) PRODUCT=docker ./hack/make.sh dynbinary From d242198ec083506450d6c24227247e90d2c2613b Mon Sep 17 00:00:00 2001 From: Isaiah Grace Date: Wed, 29 Jul 2020 17:13:04 -0400 Subject: [PATCH 097/126] systemd: add multi-user.target to After list Signed-off-by: Isaiah Grace --- pkg/docker-engine/common/systemd/docker.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index 1be9bbab..a120c295 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service @@ -2,7 +2,7 @@ Description=Docker Application Container Engine Documentation=https://docs.docker.com BindsTo=containerd.service -After=network-online.target firewalld.service containerd.service +After=network-online.target firewalld.service containerd.service multi-user.target Wants=network-online.target Requires=docker.socket From 07d42d403d0a6c44afb2282b3c3da56ebbf579d2 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 3 Aug 2020 10:41:24 +0200 Subject: [PATCH 098/126] deb: format deb/common/control with wrap-and-sort Formatted the file with the `wrap-and-sort` script, but kept the comments that are in the file (which are stripped by the wrap- and-sort script); https://manpages.debian.org/buster/devscripts/wrap-and-sort.1.en.html Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/control | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) 
diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index 70aeff20..1a50ef97 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -4,13 +4,13 @@ Priority: optional Maintainer: Docker Build-Depends: bash, bash-completion, - libbtrfs-dev | btrfs-tools, ca-certificates, cmake, dh-apparmor, dh-systemd, gcc, git, + libbtrfs-dev | btrfs-tools, libc-dev, libdevmapper-dev, libltdl-dev, @@ -27,16 +27,25 @@ Vcs-Git: git://github.com/docker/docker.git Package: docker-ce Architecture: linux-any -Depends: docker-ce-cli, containerd.io (>= 1.2.2-3), iptables, libseccomp2 (>= 2.3.0), ${shlibs:Depends} -Recommends: ca-certificates, +Depends: containerd.io (>= 1.2.2-3), + docker-ce-cli, + iptables, + libseccomp2 (>= 2.3.0), + ${shlibs:Depends} +Recommends: apparmor, + ca-certificates, + docker-ce-rootless-extras, git, - pigz, - xz-utils, libltdl7, - docker-ce-rootless-extras, - apparmor + pigz, + xz-utils Suggests: aufs-tools [amd64], cgroupfs-mount | cgroup-lite -Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs +Conflicts: docker (<< 1.5~), + docker-engine, + docker-engine-cs, + docker.io, + lxc-docker, + lxc-docker-virtual-package Replaces: docker-engine Description: Docker: the open-source application container engine Docker is a product for you to build, ship and run any application as a @@ -52,7 +61,12 @@ Description: Docker: the open-source application container engine Package: docker-ce-cli Architecture: linux-any Depends: ${shlibs:Depends} -Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs +Conflicts: docker (<< 1.5~), + docker-engine, + docker-engine-cs, + docker.io, + lxc-docker, + lxc-docker-virtual-package Replaces: docker-ce (<< 5:0) Breaks: docker-ce (<< 5:0) Description: Docker CLI: the open-source application container engine 
From 2e84a4a9a54a1c35da6216b92f1dfc9c2d4642ee Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 15 Jul 2020 14:35:53 +0200 Subject: [PATCH 099/126] Update minimum containerd.io version to v1.3.0 The engine now defaults to the "io.containerd.runc.v2" shim, which is only available in containerd v1.3.0 and up. Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/control | 2 +- pkg/docker-engine/rpm/docker-ce.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index 1a50ef97..f0eaa149 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -27,7 +27,7 @@ Vcs-Git: git://github.com/docker/docker.git Package: docker-ce Architecture: linux-any -Depends: containerd.io (>= 1.2.2-3), +Depends: containerd.io (>= 1.3.0), docker-ce-cli, iptables, libseccomp2 (>= 2.3.0), diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 81085433..6cb8729c 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -29,7 +29,7 @@ Requires: ( iptables or nftables ) Requires: iptables %endif Requires: libcgroup -Requires: containerd.io >= 1.2.2-3 +Requires: containerd.io >= 1.3.0 Requires: tar Requires: xz From 93d3d4333c064d7457595d089d00f36db5a30a14 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 5 Oct 2020 18:52:35 +0200 Subject: [PATCH 100/126] systemd: set OOMScoreAdjust for dockerd dockerd currently sets the oom-score-adjust itself. This functionality was added when we did not yet run dockerd as a systemd service. Now that we do, it's better to instead have systemd handle this. Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/common/systemd/docker.service | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index a120c295..9c1d9e6d 100644 
--- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service @@ -42,6 +42,7 @@ Delegate=yes # kill only the docker process, not all processes in the cgroup KillMode=process +OOMScoreAdjust=-500 [Install] WantedBy=multi-user.target From fa917ccc17f60cc48414e5fa7cc3ff5f8bccdfb1 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 20 Oct 2020 12:59:13 +0200 Subject: [PATCH 101/126] Update minimum containerd.io version to v1.4.1 Docker v20.10 ships with containerd.io v1.4.x, so setting the minimum required version to v1.4.1 (current containerd.io release), as we won't test / support older versions of containerd (and runc). Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/control | 2 +- pkg/docker-engine/rpm/docker-ce.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index f0eaa149..55ae518a 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -27,7 +27,7 @@ Vcs-Git: git://github.com/docker/docker.git Package: docker-ce Architecture: linux-any -Depends: containerd.io (>= 1.3.0), +Depends: containerd.io (>= 1.4.1), docker-ce-cli, iptables, libseccomp2 (>= 2.3.0), diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 6cb8729c..d264189d 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -29,7 +29,7 @@ Requires: ( iptables or nftables ) Requires: iptables %endif Requires: libcgroup -Requires: containerd.io >= 1.3.0 +Requires: containerd.io >= 1.4.1 Requires: tar Requires: xz From f0e14522f07a184cf4070f482c0a60285fb8e9c5 Mon Sep 17 00:00:00 2001 
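Review bot: `OOMScoreAdjust=-500` is added directly under the comment that documents `KillMode=process` and has no comment of its own, so the unit file does not say what the value is for. A blank line after `KillMode=process` and a comment such as `# lower dockerd's OOM score so the kernel prefers other processes when memory runs out` would keep the two settings apart. The commit message says dockerd currently sets its own oom-score-adjust. It is worth confirming that the daemon-side setting is removed or uses the same value, since a value the daemon writes for itself at startup would presumably replace the one from the unit.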
From: Sebastiaan van Stijn Date: Tue, 20 Oct 2020 16:13:50 +0200 Subject: [PATCH 102/126] deb: set compat version to 10 Version 9 is deprecated: dh: warning: Compatibility levels before 10 are deprecated (level 9 in use) Debian "stretch" and up have debhelper 10.0.0 or above, so all versions we build for should support version 10 (or higher); https://packages.debian.org/search?suite=default§ion=all&arch=any&searchon=names&keywords=debhelper Signed-off-by: Sebastiaan van Stijn
---
pkg/docker-engine/deb/compat | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/docker-engine/deb/compat b/pkg/docker-engine/deb/compat
index ec635144..f599e28b 100644
--- a/pkg/docker-engine/deb/compat
+++ b/pkg/docker-engine/deb/compat
@@ -1 +1 @@
-9
+10
From b70133dbc360b7d28188afb435091184c6060676 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Kosek?= Date: Tue, 9 Jul 2019 15:34:13 +0200 Subject: [PATCH 103/126] Do not "Bind" docker "To" containerd. relates to https://github.com/docker/for-linux/issues/678 When using the BindTo directive, Docker is permanently stopped by systemd when containerd is temporarily killed and restarted; Using `Requires` achieves mostly the same, but defines a weaker dependency; https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Requires= > Requires= > > .. If this unit gets activated, the units listed will be activated as well. > If one of the other units fails to activate, and an ordering dependency > After= on the failing unit is set, this unit will not be started. Besides, > with or without specifying After=, this unit will be stopped if one of the > other units is explicitly stopped. We may want to look into using `Wants=` instead of `Requires=`, because that allows docker to continue running if containerd is restarted, quoting the systemd documentation: > Often, it is a better choice to use Wants= instead of Requires= in order > to achieve a system that is more robust when dealing with failing services. Given that docker will likely still fail if the containerd socket is not present, startup will fail if containerd is not running, but if containerd is restarted, the docker daemon may be able to try reconnecting. Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/common/systemd/docker.service | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index 9c1d9e6d..0a6a3064 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service 
@@ -1,10 +1,9 @@ [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com -BindsTo=containerd.service After=network-online.target firewalld.service containerd.service multi-user.target Wants=network-online.target -Requires=docker.socket +Requires=docker.socket containerd.service [Service] Type=notify From f5a1445f9e5feb5276bfe098d141f4ff58e5bcff Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 19 Nov 2020 15:39:55 -0800 Subject: [PATCH 104/126] Add "procps" to daemon "Recommends" (for "docker top") Signed-off-by: Tianon Gravi --- pkg/docker-engine/deb/control | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index 55ae518a..dca8e8d8 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -38,6 +38,7 @@ Recommends: apparmor, git, libltdl7, pigz, + procps, xz-utils Suggests: aufs-tools [amd64], cgroupfs-mount | cgroup-lite Conflicts: docker (<< 1.5~), From 9c85e283d80030ca946c1d3c000cea56e8f8bc7a Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 10 Dec 2020 14:52:38 +0100 Subject: [PATCH 105/126] Revert "systemd: add multi-user.target to After list" This reverts commit d242198ec083506450d6c24227247e90d2c2613b, which caused the docker service to not be starting, or delayed starting the service in certain conditions. Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/common/systemd/docker.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index 0a6a3064..94200804 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service 
@@ -1,7 +1,7 @@ [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com -After=network-online.target firewalld.service containerd.service multi-user.target +After=network-online.target firewalld.service containerd.service Wants=network-online.target Requires=docker.socket containerd.service From 2890b733c6f75abbda7c335beae224ddf546f158 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 11 Jan 2021 18:09:00 +0100 Subject: [PATCH 106/126] deb: make dh-systemd dependency optional as it's deprecated dh-systemd has been integrated into debhelper, starting with version 9.20160709, and has been removed in Debian 11 "bullseye" This patch updates the control file to not require it as a dependency on current versions of debian that ship with that version of debhelper Related discussions: [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822670 [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958585 Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index 55ae518a..c4e7397c 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -7,7 +7,7 @@ Build-Depends: bash, ca-certificates, cmake, dh-apparmor, - dh-systemd, + debhelper (>= 10~) | dh-systemd, gcc, git, libbtrfs-dev | btrfs-tools, From 4d4a8bcedeb735975f0e2d7414a9fb1797531abc Mon Sep 17 00:00:00 2001 
From: Sebastiaan van Stijn Date: Fri, 12 Mar 2021 19:36:50 +0100 Subject: [PATCH 107/126] deb: change rootless-extras to "enhance", not "depend" on docker-ce Seen this error from a bug-report; dpkg: error processing package docker-ce (--configure): installed docker-ce package post-installation script subprocess returned error exit status 1 dpkg: dependency problems prevent configuration of docker-ce-rootless-extras: docker-ce-rootless-extras depends on docker-ce; however: Package docker-ce is not configured yet. dpkg: error processing package docker-ce-rootless-extras (--configure): dependency problems - leaving unconfigured Errors were encountered while processing: docker-ce docker-ce-rootless-extras E: Sub-process /usr/bin/dpkg returned an error code (1) Looking through the possible options in the debian documantion: https://www.debian.org/doc/debian-policy/ch-relationships.html#binary-dependencies-depends-recommends-suggests-enhances-pre-depends We could pick `Pre-Depends` to wait with installing until `docker-ce` is fully installed and configured, but but that's quite a strong relation, and from the documentation: unlike with Depends, Pre-Depends does not permit circular dependencies to be broken. If a circular dependency is encountered while attempting to honor Pre-Depends, the installation will be aborted. To prevent installations from being aborted, I picked `Enhances`; Enhances This field is similar to Suggests but works in the opposite direction. It is used to declare that a package can enhance the functionality of another package. Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/control | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index c4e7397c..42cdfc8e 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control 
@@ -82,7 +82,8 @@ Description: Docker CLI: the open-source application container engine Package: docker-ce-rootless-extras Architecture: linux-any -Depends: docker-ce, ${shlibs:Depends} +Depends: ${shlibs:Depends} +Enhances: docker-ce Conflicts: rootlesskit Replaces: rootlesskit Breaks: rootlesskit From 26a527b8a16a0c865c090129c533103d4cddb216 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 30 Mar 2021 14:40:46 +0200 Subject: [PATCH 108/126] deb: build separate deb for docker-scan Need to separate this more, because currently, it will inherit the package version from the cli/engine. Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/control | 10 ++++++++++ pkg/docker-engine/deb/rules | 17 +++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index 4ac5e1d8..7347fa26 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -62,6 +62,8 @@ Description: Docker: the open-source application container engine Package: docker-ce-cli Architecture: linux-any Depends: ${shlibs:Depends} +# TODO change once we support scan-plugin on other architectures +Recommends: docker-scan-plugin [amd64] Conflicts: docker (<< 1.5~), docker-engine, docker-engine-cs, @@ -98,3 +100,11 @@ Description: Rootless support for Docker. This package contains RootlessKit, but does not contain VPNKit. Either VPNKit or slirp4netns (>= 0.4.0) needs to be installed separately. Homepage: https://docs.docker.com/engine/security/rootless/ + +Package: docker-scan-plugin +Priority: optional +# TODO change once we support scan-plugin on other architectures (see dpkg-architecture -L) +Architecture: linux-amd64 +Enhances: docker-ce-cli +Description: Docker scan cli plugin. +Homepage: https://github.com/docker/scan-cli-plugin diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 5e10188f..c71f4926 100755 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules 
@@ -1,6 +1,7 @@ #!/usr/bin/make -f VERSION ?= $(shell cat engine/VERSION) +TARGET_ARCH = $(shell dpkg-architecture -qDEB_TARGET_ARCH) override_dh_auto_build: # Build the daemon and dependencies @@ -11,6 +12,16 @@ override_dh_auto_build: # Build the CLI cd /go/src/github.com/docker/cli && \ LDFLAGS='' DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=$(VERSION) GITCOMMIT=$(CLI_GITCOMMIT) dynbinary manpages + + # Build the scan-plugin + # TODO change once we support scan-plugin on other architectures + if [ "$(TARGET_ARCH)" = "amd64" ]; then \ + cd /go/src/github.com/docker/scan-cli-plugin \ + && PLATFORM_BINARY=docker-scan COMMIT=$(SCAN_GITCOMMIT) TAG_NAME=$(SCAN_VERSION) make native-build \ + && mkdir -p /usr/libexec/docker/cli-plugins/ \ + && mv bin/docker-scan /usr/libexec/docker/cli-plugins/; \ + fi + # Build the CLI plugins # Make sure to set LDFLAGS="" since, dpkg-buildflags sets it to some weird values set -e;cd /sources && \ @@ -45,6 +56,12 @@ override_dh_auto_install: install -D -m 0755 /usr/local/bin/docker-proxy debian/docker-ce/usr/bin/docker-proxy install -D -m 0755 /usr/local/bin/docker-init debian/docker-ce/usr/bin/docker-init + # docker-scan-plugin install + # TODO change once we support scan-plugin on other architectures + if [ "$(TARGET_ARCH)" = "amd64" ]; then \ + install -D -m 0755 /usr/libexec/docker/cli-plugins/docker-scan debian/docker-scan-plugin/usr/libexec/docker/cli-plugins/docker-scan; \ + fi + # docker-ce-rootless-extras install install -D -m 0755 /usr/local/bin/rootlesskit debian/docker-ce-rootless-extras/usr/bin/rootlesskit install -D -m 0755 /usr/local/bin/rootlesskit-docker-proxy debian/docker-ce-rootless-extras/usr/bin/rootlesskit-docker-proxy From 5b23db5177482e5996f8d70e8431ce3b6c1dacc3 Mon Sep 17 00:00:00 2001 
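Review bot: `TARGET_ARCH` is filled from `DEB_TARGET_ARCH`, which dpkg-architecture defines as the architecture a toolchain being built will generate code for. The architecture the package itself is built for is `DEB_HOST_ARCH`. The two normally agree, but they can differ when a target architecture is given explicitly, and the `amd64` checks added in the build and install hunks of this commit would then test the wrong value. The `=` assignment also re-runs `$(shell …)` on every expansion; `TARGET_ARCH := $(shell dpkg-architecture -qDEB_HOST_ARCH)` addresses both.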
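Review bot: The scan-plugin build step writes its result into the build machine's own `/usr/libexec/docker/cli-plugins/` (`mkdir -p … && mv bin/docker-scan …`), and the install hunk then packages the file found at that system path. This needs write access to a system directory during `dh_auto_build` and leaves an executable CLI plugin installed on the builder after the package is done. Dropping the `mkdir`/`mv` and installing straight from the build tree keeps the build inside its own directories: `install -D -m 0755 /go/src/github.com/docker/scan-cli-plugin/bin/docker-scan debian/docker-scan-plugin/usr/libexec/docker/cli-plugins/docker-scan`. `$(SCAN_GITCOMMIT)` and `$(SCAN_VERSION)` are also used without a check that they are set.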
From: Sebastiaan van Stijn Date: Wed, 31 Mar 2021 13:56:48 +0200 Subject: [PATCH 109/126] deb: separate docker-scan-plugin version from other versions Override the package version manually until we have properly separated the control files (etc.) for each package that we build. Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/rules | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index c71f4926..2517fdbe 100755 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules @@ -81,5 +81,14 @@ override_dh_install: # TODO Can we do this from within our container? dh_apparmor --profile-name=docker-ce -pdocker-ce +override_dh_gencontrol: + # Use separate version for the scan-plugin package, then generate the other control files as usual + # TODO override "Source" field in control as well (to point to scan-cli-plugin, as it doesn't match the package name) + # TODO change once we support scan-plugin on other architectures (see dpkg-architecture -L) + if [ "$(TARGET_ARCH)" = "amd64" ]; then \ + dh_gencontrol -pdocker-scan-plugin -- -v$${SCAN_VERSION#v}~$${DISTRO}-$${SUITE}; \ + fi + dh_gencontrol --remaining-packages + %: dh $@ --with=bash-completion $(shell command -v dh_systemd_enable > /dev/null 2>&1 && echo --with=systemd) From d4d33f8d052e651c2230fd96a35faccca05fcf99 Mon Sep 17 00:00:00 2001 From: Makoto Mizukami Date: Thu, 4 Feb 2021 14:08:08 +0900 Subject: [PATCH 110/126] Always require iptables for libnetwork Signed-off-by: Makoto Mizukami --- pkg/docker-engine/rpm/docker-ce.spec | 4 ---- 1 file changed, 4 deletions(-) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index d264189d..f4e60b1c 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec 
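Review bot: The version passed to `dh_gencontrol` is assembled from `$${SCAN_VERSION#v}~$${DISTRO}-$${SUITE}`, and nothing checks that the three environment variables are set. A build that omits one of them asks for a version such as `~-` or `1.2.3~-` (constructed examples) instead of stopping with a clear message. Adding `: "$${SCAN_VERSION:?}" "$${DISTRO:?}" "$${SUITE:?}"; \` as the first command inside the `if` makes the shell abort and name the missing variable. Quoting the argument, `"-v$${SCAN_VERSION#v}~$${DISTRO}-$${SUITE}"`, keeps an unexpected space from splitting it.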
@@ -23,11 +23,7 @@ Requires: docker-ce-rootless-extras Requires: container-selinux >= 2:2.74 Requires: libseccomp >= 2.3 Requires: systemd -%if 0%{?rhel} >= 8 -Requires: ( iptables or nftables ) -%else Requires: iptables -%endif Requires: libcgroup Requires: containerd.io >= 1.4.1 Requires: tar From 441d0ca1ab9b3d8fca9e84f5525320de7456875c Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 30 Jun 2021 09:59:54 +0200 Subject: [PATCH 111/126] Add libarchive build-dep to fix missing archive_write_add_filter_zstd Trying to fix + echo 'Install tini version de40ad007797e0dcd8b7126f27bb87401d224240' + git clone https://github.com/krallin/tini.git /go/tini Install tini version de40ad007797e0dcd8b7126f27bb87401d224240 Cloning into '/go/tini'... + cd /go/tini + git checkout -q de40ad007797e0dcd8b7126f27bb87401d224240 + cmake . cmake: symbol lookup error: cmake: undefined symbol: archive_write_add_filter_zstd error: Bad exit status from /var/tmp/rpm-tmp.Dl5CDf (%build) According to https://bugs.centos.org/view.php?id=18212, upgrading to libarchive-3.3.3-1.el8.x86_64 should resolve the problem. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit be536d3dc9339eadfb7870959c018722977bd080) Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/rpm/docker-ce.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index f4e60b1c..64ea11f6 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -37,6 +37,7 @@ BuildRequires: device-mapper-devel BuildRequires: gcc BuildRequires: git BuildRequires: glibc-static +BuildRequires: libarchive BuildRequires: libseccomp-devel BuildRequires: libselinux-devel BuildRequires: libtool From 25e67f33f00c711226889f528ff21174e9b80cdb Mon Sep 17 00:00:00 2001 
From: Sebastiaan van Stijn Date: Thu, 2 Sep 2021 22:14:48 +0200 Subject: [PATCH 112/126] [20.10] fix systemd startup order This applies the same fix as was added in https://github.com/docker/docker/commit/fe68df36fc9c85ae30af9bf53a13e8af0534e613. The systemd unit only contained a `Requires=` for the `docker.socket`, but failed to add it to `After=`. The `Requires=` option only defines that a dependency must be present, but does not influence startup order. From the systemd docs: https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Wants= > Wants= > > (..) > Note that requirement dependencies do not influence the order in which services > are started or stopped. This has to be configured independently with the `After=` > or `Before=` options. (...) As a result, the `docker` service could start before the socket was created, and would fail to start. Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/common/systemd/docker.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/docker-engine/common/systemd/docker.service b/pkg/docker-engine/common/systemd/docker.service index 94200804..b5400bbb 100644 --- a/pkg/docker-engine/common/systemd/docker.service +++ b/pkg/docker-engine/common/systemd/docker.service @@ -1,7 +1,7 @@ [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com -After=network-online.target firewalld.service containerd.service +After=network-online.target docker.socket firewalld.service containerd.service Wants=network-online.target Requires=docker.socket containerd.service From afb12ef68f1a12af9eb33ace2015d95507ed70c5 Mon Sep 17 00:00:00 2001 
From: Sebastiaan van Stijn Date: Wed, 20 Oct 2021 00:08:11 +0200 Subject: [PATCH 113/126] deb: force dpkg-build to use xz compression instead of zstd Ubuntu 21.10 switched the default compression for .deb packages to use zstd. While this change may bring some performance improvement, it is non-standard, and not all deb-related tooling currently support zstd compression. One of those tools, dpkg-sig, has not (yet) been modified to support zstd compression; we use this tool to sign our packages (and verify that packages are signed), which currently fails if packages use zstd compression; dpkg-sig --verify ./containerd.io_1.4.11-1_amd64.deb Processing ./containerd.io_1.4.11-1_amd64.deb... BADSIG _gpgbuilder It should be noted that signing individual packages is *optional* [1], and that dpkg-sig has not received updates since 2006 [2] (possibly better replaced with debsigs / debsig-verify), but changing would be a potential breaking change, as these tools are not interchangeable [3] [1]: https://www.debian.org/doc/manuals/securing-debian-manual/deb-pack-sign.en.html [2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995113 [3]: https://raphaelhertzog.com/2010/09/17/how-to-create-debian-packages-with-alternative-compression-methods/ This patch hard-codes the compression to use in the debian rules, instead of using the default that's used by the distro. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit f6da2043563728ce481e93eaca9630255a50f0c2) Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/rules | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 2517fdbe..55f2ac4d 100755 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules 
@@ -3,6 +3,11 @@ VERSION ?= $(shell cat engine/VERSION) TARGET_ARCH = $(shell dpkg-architecture -qDEB_TARGET_ARCH) +# force packages to be built with xz compression, as Ubuntu 21.10 and up use +# zstd compression, which is non-standard, and breaks 'dpkg-sig --verify' +override_dh_builddeb: + dh_builddeb -- -Zxz + override_dh_auto_build: # Build the daemon and dependencies cd engine && DOCKER_GITCOMMIT=$(ENGINE_GITCOMMIT) PRODUCT=docker ./hack/make.sh dynbinary From 0e58a43b577792bfd5d4266fdc7fb50ba57954b4 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 27 Aug 2021 15:26:38 +0900 Subject: [PATCH 114/126] Require `dbus-user-session` for rootless On Debian, `dbus-user-session` is not installed by default. The lack of `dbus-user-session` results in a cryptic error on rootless+cgroup2+systemd: `read unix @->/run/systemd/private: read: connection reset by peer: unknown.` ref: moby/moby issue 42793 Signed-off-by: Akihiro Suda (cherry picked from commit 351f27969b240a4175b5127fe7ca7736b9183c52) Signed-off-by: Akihiro Suda --- pkg/docker-engine/deb/control | 3 ++- pkg/docker-engine/rpm/docker-ce-rootless-extras.spec | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index 7347fa26..e16a2152 100644 --- a/pkg/docker-engine/deb/control +++ b/pkg/docker-engine/deb/control @@ -85,7 +85,8 @@ Description: Docker CLI: the open-source application container engine Package: docker-ce-rootless-extras Architecture: linux-any -Depends: ${shlibs:Depends} +Depends: dbus-user-session, + ${shlibs:Depends} Enhances: docker-ce Conflicts: rootlesskit Replaces: rootlesskit diff --git a/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec b/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec index e52cfeca..ed268846 100644 --- a/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec +++ b/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec 
@@ -13,6 +13,7 @@ Vendor: Docker Packager: Docker Requires: docker-ce +# TODO: conditionally add `Requires: dbus-daemon` for Fedora and CentOS 8 # slirp4netns >= 0.4 is available in the all supported versions of CentOS and Fedora. Requires: slirp4netns >= 0.4 # fuse-overlayfs >= 0.7 is available in the all supported versions of CentOS and Fedora. From 3acd62ea17bc09c5ab1967bc1865dafe23d0c860 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 6 Sep 2021 09:36:41 +0200 Subject: [PATCH 115/126] Add workaround for CentOS 7 not working without GOPROXY This fix was previously included in the rootlesskit install script in moby, but should've been addressed by Go 1.14 and up. Unfortunately, this does not appear the case, and go modules without proxy is still broken on older versions of git, such as the version of git used by CentOS 7. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 7cbbf1bc8bb8d6b77e61d941e29ad561fcc1e82c) Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/rpm/docker-ce-rootless-extras.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec b/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec index ed268846..43ad64a4 100644 --- a/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec +++ b/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec 
@@ -39,7 +39,10 @@ Either VPNKit or slirp4netns (>= 0.4.0) needs to be installed separately. export DOCKER_GITCOMMIT=%{_gitcommit_engine} mkdir -p /go/src/github.com/docker ln -s ${RPM_BUILD_DIR}/src/engine /go/src/github.com/docker/docker -TMP_GOPATH="/go" ${RPM_BUILD_DIR}/src/engine/hack/dockerfile/install/install.sh rootlesskit dynamic +# Using goproxy instead of "direct" to work around an issue in go mod not +# working with older git versions (default version on CentOS 7 is git 1.8), +# see https://github.com/golang/go/issues/38373 +TMP_GOPATH="/go" GOPROXY="https://proxy.golang.org" ${RPM_BUILD_DIR}/src/engine/hack/dockerfile/install/install.sh rootlesskit dynamic %check /usr/local/bin/rootlesskit -v From 0a5bbccfeeab7ce33fcb2bc55a8be1e1f43581a2 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 7 Mar 2022 17:26:42 +0100 Subject: [PATCH 116/126] CentOS 7: use go-proxy to work around old git version CentOS 7 comes with a very old (1.8) version of git, which is not compatible with go modules. We previously applied this fix to individual build scripts for rootless-extras and the scan-cli-plugin, but now that other bits are failing as well, lets move this to the Dockerfile for this distro, so that for other distros we can use "direct" and fetch from GitHub. Without this, the build of docker/cli (master branch) failed with: + ./scripts/vendor init + go mod edit -modfile=vendor.mod -require=github.com/cpuguy83/go-md2man/v2@v2.0.1 + cp man/tools.go . + ./scripts/vendor update + go mod tidy -modfile=vendor.mod go: github.com/theupdateframework/notary@v0.7.1-0.20210315103452-bf96a202a09a requires github.com/docker/go@v1.5.1-1.0.20160303222718-d30aec9fd63c: invalid pseudo-version: git fetch --unshallow -f origin in /go/pkg/mod/cache/vcs/48fbd2dfabec81f4c93170677bfc89087d4bec07a2d08f6ca5ce3d17962677ee: exit status 128: fatal: git fetch-pack: expected shallow list make: *** [manpages] Error 1 error: Bad exit status from /var/tmp/rpm-tmp.aKncVr (%build) 
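Review bot: The `GOPROXY="https://proxy.golang.org"` prefix on the `install.sh rootlesskit dynamic` line replaces whatever proxy the build environment already set, so a builder that routes module downloads through its own mirror or allowlisting proxy is silently bypassed for this step. Keeping the workaround as a default only, `GOPROXY="${GOPROXY:-https://proxy.golang.org}"`, leaves that control with the environment. The deb rules hunks of patches 120 and 122 hard-code the same value for `go mod download` and `go build`; in a make recipe the equivalent is `GOPROXY="$${GOPROXY:-https://proxy.golang.org}"`.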
Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 49792a80585fa3751b6dbb1101e180ce09dd4c0a) Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/rpm/docker-ce-rootless-extras.spec | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec b/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec index 43ad64a4..ed268846 100644 --- a/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec +++ b/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec @@ -39,10 +39,7 @@ Either VPNKit or slirp4netns (>= 0.4.0) needs to be installed separately. export DOCKER_GITCOMMIT=%{_gitcommit_engine} mkdir -p /go/src/github.com/docker ln -s ${RPM_BUILD_DIR}/src/engine /go/src/github.com/docker/docker -# Using goproxy instead of "direct" to work around an issue in go mod not -# working with older git versions (default version on CentOS 7 is git 1.8), -# see https://github.com/golang/go/issues/38373 -TMP_GOPATH="/go" GOPROXY="https://proxy.golang.org" ${RPM_BUILD_DIR}/src/engine/hack/dockerfile/install/install.sh rootlesskit dynamic +TMP_GOPATH="/go" ${RPM_BUILD_DIR}/src/engine/hack/dockerfile/install/install.sh rootlesskit dynamic %check /usr/local/bin/rootlesskit -v From aba38f9dea7c4bb4f4407666e68545a1bf9f6cf4 Mon Sep 17 00:00:00 2001 
From: Sebastiaan van Stijn Date: Wed, 2 Jun 2021 14:51:02 +0200 Subject: [PATCH 117/126] Add checks for binary versions set through build-time variables Make sure that these versions are set, and match the expected versions DEB: debian/rules override_dh_auto_test make[1]: Entering directory '/root/build-deb' ver="$(engine/bundles/dynbinary-daemon/dockerd --version)"; \ test "$ver" = "Docker version 0.0.0-20210531142756-1c174ced, build 7c6a9484" && echo "PASS: daemon version OK" || echo "FAIL: daemon version ($ver) did not match" PASS: daemon version OK ver="$(cli/build/docker --version)"; \ test "$ver" = "Docker version 0.0.0-20210531142756-1c174ced, build 1c174ced" && echo "PASS: cli version OK" || echo "FAIL: cli version ($ver) did not match" PASS: cli version OK # FIXME: --version currently doesn't work as it makes a connection to the daemon, so using the plugin metadata instead ver="$(/usr/libexec/docker/cli-plugins/docker-scan docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $1 == "Version" { print $2 }')"; \ test "$ver" = "v0.8.0" && echo "PASS: docker-scan version OK" || echo "FAIL: docker-scan version ($ver) did not match" PASS: docker-scan version OK RPM: Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.SIDNvr + umask 022 + cd /root/rpmbuild/BUILD + cd src ++ engine/bundles/dynbinary-daemon/dockerd --version + ver='Docker version 0.0.0-20210531142756-1c174ced, build 7c6a9484' + test 'Docker version 0.0.0-20210531142756-1c174ced, build 7c6a9484' = 'Docker version 0.0.0-20210531142756-1c174ced, build 7c6a9484' + echo 'PASS: daemon version OK' + exit 0 PASS: daemon version OK ... 
Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.jKzBxw + umask 022 + cd /root/rpmbuild/BUILD + cd src ++ cli/build/docker --version PASS: cli version OK + ver='Docker version 0.0.0-20210531142756-1c174ced, build 1c174ced' + test 'Docker version 0.0.0-20210531142756-1c174ced, build 1c174ced' = 'Docker version 0.0.0-20210531142756-1c174ced, build 1c174ced' + echo 'PASS: cli version OK' + exit 0 ... Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.5KN9vp + umask 022 + cd /root/rpmbuild/BUILD + cd src ++ /root/rpmbuild/BUILDROOT/docker-scan-plugin-0.8.0-0.el8.x86_64/usr/libexec/docker/cli-plugins/docker-scan docker-cli-plugin-metadata ++ awk '{ gsub(/[",:]/,"")}; $1 == "Version" { print $2 }' PASS: docker-scan version OK + ver=v0.8.0 + test v0.8.0 = v0.8.0 + echo 'PASS: docker-scan version OK' + exit 0 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 2ad75f5e9d3c0af6722ecdfcd0a80930f2f8950c) Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/rules | 11 +++++++++-- pkg/docker-engine/rpm/docker-ce.spec | 3 ++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 55f2ac4d..4440c7fb 100755 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules 
@@ -36,8 +36,15 @@ override_dh_auto_build: done override_dh_auto_test: - ./engine/bundles/dynbinary-daemon/dockerd -v - ./cli/build/docker -v + ver="$$(engine/bundles/dynbinary-daemon/dockerd --version)"; \ + test "$$ver" = "Docker version $(VERSION), build $(ENGINE_GITCOMMIT)" && echo "PASS: daemon version OK" || echo "FAIL: daemon version ($$ver) did not match" + + ver="$$(cli/build/docker --version)"; \ + test "$$ver" = "Docker version $(VERSION), build $(CLI_GITCOMMIT)" && echo "PASS: cli version OK" || echo "FAIL: cli version ($$ver) did not match" + + # FIXME: --version currently doesn't work as it makes a connection to the daemon, so using the plugin metadata instead + ver="$$(/usr/libexec/docker/cli-plugins/docker-scan docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $$1 == "Version" { print $$2 }')"; \ + test "$$ver" = "$(SCAN_VERSION)" && echo "PASS: docker-scan version OK" || echo "FAIL: docker-scan version ($$ver) did not match" override_dh_strip: # Go has lots of problems with stripping, so just don't diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 64ea11f6..a943eff4 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -89,7 +89,8 @@ VERSION=%{_origversion} PRODUCT=docker hack/make.sh dynbinary popd %check -engine/bundles/dynbinary-daemon/dockerd -v +ver="$(engine/bundles/dynbinary-daemon/dockerd --version)"; \ + test "$ver" = "Docker version %{_origversion}, build %{_gitcommit_engine}" && echo "PASS: daemon version OK" || echo "FAIL: daemon version ($ver) did not match" %install # install daemon binary From 6a6cf7998341328e1d7d59867daa8b1463d74d84 Mon Sep 17 00:00:00 2001 
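Review bot: The docker-scan check in `override_dh_auto_test` recovers the version by deleting every `"`, `,` and `:` from the plugin metadata and taking the second whitespace-separated field of a line whose first field is `Version`, which only works while the metadata is printed one key per line with no spaces in the value. If the plugin ever emits compact JSON, `ver` comes back empty and the message reports a version mismatch rather than a parse problem. If `jq` is available in the build image, `jq -r .Version` reads the field directly; otherwise a comment such as `# relies on docker-cli-plugin-metadata being pretty-printed, one key per line` would record the assumption. The same expression is reused in the rewritten check of patch 118 and in the docker-compose check of patch 120.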
From: Sebastiaan van Stijn Date: Sat, 3 Jul 2021 17:04:09 +0200 Subject: [PATCH 118/126] Fix binary version checks masking failure exit code Commit 2ad75f5e9d3c0af6722ecdfcd0a80930f2f8950c added a check for binary version set through build-time variables, but I messed up, and forgot to add a non-zero exit code. As a result the exit code was the exit code of the "echo", which would always be successful. This also revealed a missing check for "target architecture": the scan cli plugin is only built on x86, so the version check should not be performed on other architectures. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 4ba2b65ec3b65803aa686264b921a08b5e30f066) Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/rules | 11 +++++++---- pkg/docker-engine/rpm/docker-ce.spec | 2 +- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 4440c7fb..db12f217 100755 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules 
@@ -37,14 +37,17 @@ override_dh_auto_build: override_dh_auto_test: ver="$$(engine/bundles/dynbinary-daemon/dockerd --version)"; \ - test "$$ver" = "Docker version $(VERSION), build $(ENGINE_GITCOMMIT)" && echo "PASS: daemon version OK" || echo "FAIL: daemon version ($$ver) did not match" + test "$$ver" = "Docker version $(VERSION), build $(ENGINE_GITCOMMIT)" && echo "PASS: daemon version OK" || (echo "FAIL: daemon version ($$ver) did not match" && exit 1) ver="$$(cli/build/docker --version)"; \ - test "$$ver" = "Docker version $(VERSION), build $(CLI_GITCOMMIT)" && echo "PASS: cli version OK" || echo "FAIL: cli version ($$ver) did not match" + test "$$ver" = "Docker version $(VERSION), build $(CLI_GITCOMMIT)" && echo "PASS: cli version OK" || (echo "FAIL: cli version ($$ver) did not match" && exit 1) # FIXME: --version currently doesn't work as it makes a connection to the daemon, so using the plugin metadata instead - ver="$$(/usr/libexec/docker/cli-plugins/docker-scan docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $$1 == "Version" { print $$2 }')"; \ - test "$$ver" = "$(SCAN_VERSION)" && echo "PASS: docker-scan version OK" || echo "FAIL: docker-scan version ($$ver) did not match" + # TODO change once we support scan-plugin on other architectures + if [ "$(TARGET_ARCH)" = "amd64" ]; then \ + ver="$$(/usr/libexec/docker/cli-plugins/docker-scan docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $$1 == "Version" { print $$2 }')"; \ + test "$$ver" = "$(SCAN_VERSION)" && echo "PASS: docker-scan version OK" || (echo "FAIL: docker-scan version ($$ver) did not match" && exit 1); \ + fi override_dh_strip: # Go has lots of problems with stripping, so just don't diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index a943eff4..35346717 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec 
@@ -90,7 +90,7 @@ popd %check ver="$(engine/bundles/dynbinary-daemon/dockerd --version)"; \ - test "$ver" = "Docker version %{_origversion}, build %{_gitcommit_engine}" && echo "PASS: daemon version OK" || echo "FAIL: daemon version ($ver) did not match" + test "$ver" = "Docker version %{_origversion}, build %{_gitcommit_engine}" && echo "PASS: daemon version OK" || (echo "FAIL: daemon version ($ver) did not match" && exit 1) %install # install daemon binary From 1e8e8dc50d616a1e452962f46c24b3858181dc81 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 8 Mar 2022 10:26:37 +0100 Subject: [PATCH 119/126] rpmlint: fix "E: description-line-too-long" Fixes an error reported by rpmlint: docker-ce.x86_64: E: description-line-too-long they can run anywhere, from your laptop to the largest cloud compute instance and docker-ce-cli.x86_64: E: description-line-too-long they can run anywhere, from your laptop to the largest cloud compute instance and Your description lines must not exceed 80 characters. If a line is exceeding this number, cut it to fit in two lines. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit d78178a3f5d293f9d28cb501bf9b460ccbad1b78) Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/rpm/docker-ce.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index 35346717..bdb6817a 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec 
@@ -66,8 +66,8 @@ Docker is a product for you to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means -they can run anywhere, from your laptop to the largest cloud compute instance and -everything in between - and they don't require you to use a particular +they can run anywhere, from your laptop to the largest cloud compute instance +and everything in between - and they don't require you to use a particular language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider. From 4bd4b855011119e9dc9a85ddafdfe32922dba24c Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 3 Jul 2021 13:01:16 +0200 Subject: [PATCH 120/126] deb: add docker-compose-plugin package Adds a deb package for the docker-compose cli plugin with this: dpkg -i ./docker-ce-cli_0.0.0-20210629140245-4a6fe51-0~ubuntu-focal_amd64.deb dpkg -i ./docker-compose-plugin_2.3.1.3~ubuntu-focal_amd64.deb docker info --format '{{json .ClientInfo.Plugins}}' | jq . [ { "SchemaVersion": "0.1.0", "Vendor": "Docker Inc.", "Version": "v0.5.1-docker", "ShortDescription": "Build with BuildKit", "Name": "buildx", "Path": "/usr/libexec/docker/cli-plugins/docker-buildx" }, { "SchemaVersion": "0.1.0", "Vendor": "Docker Inc.", "Version": "v2.3.1", "ShortDescription": "Docker Compose", "Name": "compose", "Path": "/usr/libexec/docker/cli-plugins/docker-compose" } ] Signed-off-by: Sebastiaan van Stijn (cherry picked from commit c3cb530be3b5c8b0c2da185950c96fb3addbe8fb) Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/control | 12 ++++++++++++ pkg/docker-engine/deb/rules | 19 +++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control index e16a2152..a9cd38b1 100644 --- a/pkg/docker-engine/deb/control 
+++ b/pkg/docker-engine/deb/control @@ -102,6 +102,18 @@ Description: Rootless support for Docker. Either VPNKit or slirp4netns (>= 0.4.0) needs to be installed separately. Homepage: https://docs.docker.com/engine/security/rootless/ +Package: docker-compose-plugin +Priority: optional +Architecture: linux-any +Enhances: docker-ce-cli +Description: Docker Compose (V2) plugin for the Docker CLI. + . + This plugin provides the 'docker compose' subcommand. + . + The binary can also be run standalone as a direct replacement for + Docker Compose V1 ('docker-compose'). +Homepage: https://github.com/docker/compose + Package: docker-scan-plugin Priority: optional # TODO change once we support scan-plugin on other architectures (see dpkg-architecture -L) diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index db12f217..cd52215e 100755 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules @@ -18,6 +18,15 @@ override_dh_auto_build: cd /go/src/github.com/docker/cli && \ LDFLAGS='' DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=$(VERSION) GITCOMMIT=$(CLI_GITCOMMIT) dynbinary manpages + # Build the compose plugin + # FIXME: using GOPROXY, to work around: + # go: github.com/Azure/azure-sdk-for-go@v48.2.0+incompatible: reading github.com/Azure/azure-sdk-for-go/go.mod at revision v48.2.0: unknown revision v48.2.0 + cd /go/src/github.com/docker/compose \ + && GOPROXY="https://proxy.golang.org" GO111MODULE=on go mod download \ + && mkdir -p /usr/libexec/docker/cli-plugins/ \ + && GOPROXY="https://proxy.golang.org" GO111MODULE=on GIT_TAG=$(COMPOSE_VERSION) \ + make COMPOSE_BINARY=/usr/libexec/docker/cli-plugins/docker-compose -f builder.Makefile compose-plugin + # Build the scan-plugin # TODO change once we support scan-plugin on other architectures if [ "$(TARGET_ARCH)" = "amd64" ]; then \ 
@@ -42,6 +51,9 @@ override_dh_auto_test: ver="$$(cli/build/docker --version)"; \ test "$$ver" = "Docker version $(VERSION), build $(CLI_GITCOMMIT)" && echo "PASS: cli version OK" || (echo "FAIL: cli version ($$ver) did not match" && exit 1) + ver="$$(/usr/libexec/docker/cli-plugins/docker-compose docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $$1 == "Version" { print $$2 }')"; \ + test "$$ver" = "$(COMPOSE_VERSION)" && echo "PASS: docker-compose version OK" || (echo "FAIL: docker-compose version ($$ver) did not match" && exit 1) + # FIXME: --version currently doesn't work as it makes a connection to the daemon, so using the plugin metadata instead # TODO change once we support scan-plugin on other architectures if [ "$(TARGET_ARCH)" = "amd64" ]; then \ @@ -71,6 +83,9 @@ override_dh_auto_install: install -D -m 0755 /usr/local/bin/docker-proxy debian/docker-ce/usr/bin/docker-proxy install -D -m 0755 /usr/local/bin/docker-init debian/docker-ce/usr/bin/docker-init + # docker-compose-plugin install + install -D -m 0755 /usr/libexec/docker/cli-plugins/docker-compose debian/docker-compose-plugin/usr/libexec/docker/cli-plugins/docker-compose + # docker-scan-plugin install # TODO change once we support scan-plugin on other architectures if [ "$(TARGET_ARCH)" = "amd64" ]; then \ 
@@ -97,6 +112,10 @@ override_dh_install: dh_apparmor --profile-name=docker-ce -pdocker-ce override_dh_gencontrol: + # Use separate version for the compose-plugin package, then generate the other control files as usual + # TODO override "Source" field in control as well (to point to compose, as it doesn't match the package name) + dh_gencontrol -pdocker-compose-plugin -- -v$${COMPOSE_VERSION#v}~$${DISTRO}-$${SUITE} + # Use separate version for the scan-plugin package, then generate the other control files as usual # TODO override "Source" field in control as well (to point to scan-cli-plugin, as it doesn't match the package name) # TODO change once we support scan-plugin on other architectures (see dpkg-architecture -L) From 8e961c6cd57fe7c0b794674db9283f0a1229d1e5 Mon Sep 17 00:00:00 2001 From: Romain Geissler Date: Mon, 7 Mar 2022 09:04:41 +0000 Subject: [PATCH 121/126] Build for CentOS 9. Signed-off-by: Romain Geissler --- pkg/docker-engine/rpm/docker-ce.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index bdb6817a..f7591f69 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -1,7 +1,9 @@ %global debug_package %{nil} # BTRFS is enabled by default, but can be disabled by defining _without_btrfs -%{!?_with_btrfs: %{!?_without_btrfs: %define _with_btrfs 1}} +%if %{undefined _with_btrfs} && %{undefined _without_btrfs} +%define _with_btrfs 1 +%endif Name: docker-ce Version: %{_version} @@ -24,7 +26,10 @@ Requires: container-selinux >= 2:2.74 Requires: libseccomp >= 2.3 Requires: systemd Requires: iptables +%if %{undefined rhel} || 0%{?rhel} < 9 +# Libcgroup is no longer available in RHEL/CentOS >= 9 distros. Requires: libcgroup +%endif Requires: containerd.io >= 1.4.1 Requires: tar Requires: xz From 06262623c673c292b317b54c0457957e499ee984 Mon Sep 17 00:00:00 2001 
From: Sebastiaan van Stijn Date: Sat, 20 Aug 2022 12:10:26 +0200 Subject: [PATCH 122/126] deb, rpm: inline go build for compose The build.Makefile was removed from the compose repository, so copying the code to build the plugin here. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 6e3a1ee3e261c0a1bb55fd74cd18a6c301a19660) Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/rules | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index cd52215e..a3b79a47 100755 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules @@ -24,8 +24,13 @@ override_dh_auto_build: cd /go/src/github.com/docker/compose \ && GOPROXY="https://proxy.golang.org" GO111MODULE=on go mod download \ && mkdir -p /usr/libexec/docker/cli-plugins/ \ - && GOPROXY="https://proxy.golang.org" GO111MODULE=on GIT_TAG=$(COMPOSE_VERSION) \ - make COMPOSE_BINARY=/usr/libexec/docker/cli-plugins/docker-compose -f builder.Makefile compose-plugin + && GOPROXY="https://proxy.golang.org" GO111MODULE=on \ + CGO_ENABLED=0 \ + go build \ + -trimpath \ + -ldflags="-s -w -X github.com/docker/compose/v2/internal.Version=$(COMPOSE_VERSION)" \ + -o "/usr/libexec/docker/cli-plugins/docker-compose" \ + ./cmd # Build the scan-plugin # TODO change once we support scan-plugin on other architectures From a70902acdd2820c86857dab67cd41e969f1fdee1 Mon Sep 17 00:00:00 2001 
From: Sebastiaan van Stijn Date: Sat, 20 Aug 2022 13:31:55 +0200 Subject: [PATCH 123/126] Update GOPROXY to use default with fallback Use the default proxy, to assist with LTS distros that use old git versions but fallback on any error (instead of only on 404 and 410). From the Go documentation; https://go.dev/ref/mod#goproxy-protocol > List elements may be separated by commas (,) or pipes (|), which determine error > fallback behavior. When a URL is followed by a comma, the go command falls back > to later sources only after a 404 (Not Found) or 410 (Gone) response. When a URL > is followed by a pipe, the go command falls back to later sources after any error, > including non-HTTP errors such as timeouts. This error handling behavior lets a > proxy act as a gatekeeper for unknown modules. For example, a proxy could respond > with error 403 (Forbidden) for modules not on an approved list (see Private proxy > serving private modules). Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 96a51c7103a81e7d9d2b00efb9095dec975390e5) Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/rules | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index a3b79a47..debd0f72 100755 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules 
@@ -19,12 +19,10 @@ override_dh_auto_build: LDFLAGS='' DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=$(VERSION) GITCOMMIT=$(CLI_GITCOMMIT) dynbinary manpages # Build the compose plugin - # FIXME: using GOPROXY, to work around: - # go: github.com/Azure/azure-sdk-for-go@v48.2.0+incompatible: reading github.com/Azure/azure-sdk-for-go/go.mod at revision v48.2.0: unknown revision v48.2.0 cd /go/src/github.com/docker/compose \ - && GOPROXY="https://proxy.golang.org" GO111MODULE=on go mod download \ + && GO111MODULE=on go mod download \ && mkdir -p /usr/libexec/docker/cli-plugins/ \ - && GOPROXY="https://proxy.golang.org" GO111MODULE=on \ + && GO111MODULE=on \ CGO_ENABLED=0 \ go build \ -trimpath \ From 596c664ed9ce695b15074d580235695a126ee542 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 24 Aug 2022 00:53:20 +0200 Subject: [PATCH 124/126] compose: use updated makefile compose v2.10.1 comes with an updated Makefile, allowing us again to use the makefile for building as part of the rpm/deb scripts. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 5af336e3a0273bd0ee4db9c2ea8bef6b791459ab) Signed-off-by: Sebastiaan van Stijn --- pkg/docker-engine/deb/rules | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index debd0f72..3e35254a 100755 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules 
@@ -20,15 +20,7 @@ override_dh_auto_build: # Build the compose plugin cd /go/src/github.com/docker/compose \ - && GO111MODULE=on go mod download \ - && mkdir -p /usr/libexec/docker/cli-plugins/ \ - && GO111MODULE=on \ - CGO_ENABLED=0 \ - go build \ - -trimpath \ - -ldflags="-s -w -X github.com/docker/compose/v2/internal.Version=$(COMPOSE_VERSION)" \ - -o "/usr/libexec/docker/cli-plugins/docker-compose" \ - ./cmd + && make VERSION=$(COMPOSE_VERSION) DESTDIR=/usr/libexec/docker/cli-plugins build # Build the scan-plugin # TODO change once we support scan-plugin on other architectures From 9d4f3659de76a8f5b75ae911639fb985b1f0aae4 Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Sun, 4 Sep 2022 21:25:02 +0200 Subject: [PATCH 125/126] docker-engine package Signed-off-by: CrazyMax --- .github/workflows/build.yml | 1 + common/vars.mk | 2 + pkg/docker-engine/.dockerignore | 1 + pkg/docker-engine/.gitignore | 1 + pkg/docker-engine/Dockerfile | 335 ++++++++++++++++++ pkg/docker-engine/Makefile | 38 ++ pkg/docker-engine/deb/control | 52 +-- pkg/docker-engine/deb/docs | 2 +- pkg/docker-engine/deb/rules | 90 +---- pkg/docker-engine/docker-bake.hcl | 161 +++++++++ .../rpm/docker-ce-rootless-extras.spec | 6 +- pkg/docker-engine/rpm/docker-ce.spec | 31 +- 12 files changed, 567 insertions(+), 153 deletions(-) create mode 100644 pkg/docker-engine/.dockerignore create mode 100644 pkg/docker-engine/.gitignore create mode 100644 pkg/docker-engine/Dockerfile create mode 100644 pkg/docker-engine/Makefile create mode 100644 pkg/docker-engine/docker-bake.hcl diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5f78fbd0..d825166b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -29,6 +29,7 @@ jobs: fail-fast: false matrix: name: + - docker-engine - docker-cli - buildx - compose diff --git a/common/vars.mk b/common/vars.mk index 1051cb10..008ac4ab 100644 --- a/common/vars.mk +++ b/common/vars.mk 
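Review bot: The new `make VERSION=$(COMPOSE_VERSION) DESTDIR=/usr/libexec/docker/cli-plugins build` line hands `-trimpath`, `CGO_ENABLED=0` and the `-s -w` ldflags over to the compose Makefile at whatever ref is checked out, and it also drops the explicit `mkdir -p /usr/libexec/docker/cli-plugins/`. This hunk cannot confirm that the upstream target still applies those settings or creates `DESTDIR`. A comment such as `# build flags (trimpath, static linking) and DESTDIR creation are owned by compose's Makefile (v2.10.1 and later)` would record the dependency, and keeping the `mkdir -p` line is harmless if the Makefile already creates the directory. `override_dh_auto_build` starts and ends outside the hunk.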
@@ -20,11 +20,13 @@ export GO_IMAGE_VARIANT ?= buster export PKG_VENDOR ?= Docker export PKG_PACKAGER ?= Docker +export DOCKER_ENGINE_REPO ?= https://github.com/docker/docker.git export DOCKER_CLI_REPO ?= https://github.com/docker/cli.git export BUILDX_REPO ?= https://github.com/docker/buildx.git export COMPOSE_REPO ?= https://github.com/docker/compose.git export CREDENTIAL_HELPERS_REPO ?= https://github.com/docker/docker-credential-helpers.git +export DOCKER_ENGINE_VERSION ?= v20.10.17 export DOCKER_CLI_VERSION ?= v20.10.17 export BUILDX_VERSION ?= v0.9.1 export COMPOSE_VERSION ?= v2.10.2 diff --git a/pkg/docker-engine/.dockerignore b/pkg/docker-engine/.dockerignore new file mode 100644 index 00000000..5e56e040 --- /dev/null +++ b/pkg/docker-engine/.dockerignore @@ -0,0 +1 @@ +/bin diff --git a/pkg/docker-engine/.gitignore b/pkg/docker-engine/.gitignore new file mode 100644 index 00000000..5e56e040 --- /dev/null +++ b/pkg/docker-engine/.gitignore @@ -0,0 +1 @@ +/bin diff --git a/pkg/docker-engine/Dockerfile b/pkg/docker-engine/Dockerfile new file mode 100644 index 00000000..e5d0b9c2 --- /dev/null +++ b/pkg/docker-engine/Dockerfile 
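Review bot: `DOCKER_ENGINE_VERSION ?= v20.10.17` pins the engine source by tag name only, and the Dockerfile added in this commit checks it out with `git fetch origin "${DOCKER_ENGINE_VERSION}"` followed by `git checkout -q FETCH_HEAD`, so a re-pointed tag would be packaged without any signal. The revision that deb/rules compares against in `override_dh_auto_test` appears to be derived from the same checkout and so would not catch it, though the visible lines do not confirm this. Consider recording the expected commit next to the tag, e.g. `export DOCKER_ENGINE_COMMIT ?= <expected-commit-sha>` (name and value are placeholders), and comparing it with `git rev-parse HEAD` after the checkout. The neighbouring `*_VERSION` entries follow the same tag-only pattern.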
@@ -0,0 +1,335 @@ +# syntax=docker/dockerfile:1 + +# Copyright 2022 Docker Packaging authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG XX_VERSION="1.1.2" +ARG ALPINE_VERSION="3.16" +ARG DEBIAN_FRONTEND="noninteractive" + +# go +ARG GO_IMAGE="golang" +ARG GO_VERSION="1.18.5" +ARG GO_IMAGE_VARIANT="buster" + +# pkg matrix +ARG PKG_RELEASE="debian11" +ARG PKG_TYPE="deb" +ARG PKG_DISTRO="debian" +ARG PKG_SUITE="bullseye" +ARG PKG_BASE_IMAGE="debian:bullseye" + +# deb specific +ARG PKG_DEB_EPOCH="5" +ARG PKG_DEB_REVISION="0" + +# rpm specific +ARG PKG_RPM_RELEASE="1" + +# cross compilation helper +FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx + +# osxcross contains the MacOSX SDK for xx +FROM dockercore/golang-cross:xx-sdk-extras AS osxsdk + +# go base image to retrieve /usr/local/go +FROM --platform=$BUILDPLATFORM ${GO_IMAGE}:${GO_VERSION}-${GO_IMAGE_VARIANT} AS go + +# dummy stage for unsupported platforms +FROM --platform=$BUILDPLATFORM busybox AS builder-dummy +RUN mkdir -p /out +FROM scratch AS build-dummy +COPY --from=builder-dummy /out /out + +# base stage for fetching sources and create final release +FROM --platform=$BUILDPLATFORM alpine:${ALPINE_VERSION} AS base +RUN apk add --no-cache bash curl file git zip tar + +FROM base AS src +WORKDIR /src +ARG DOCKER_ENGINE_REPO +RUN git init . 
&& git remote add origin "${DOCKER_ENGINE_REPO}" +ARG DOCKER_ENGINE_VERSION +RUN git fetch origin "${DOCKER_ENGINE_VERSION}" +refs/heads/*:refs/remotes/origin/* +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD + +FROM base AS src-tgz +RUN --mount=from=src,source=/src,target=/engine \ + mkdir /out && tar -C / -zcf /out/engine.tgz --exclude .git engine + +# deb +FROM --platform=$BUILDPLATFORM ${PKG_BASE_IMAGE} AS build-base-deb +COPY --from=xx / / +ARG DEBIAN_FRONTEND +RUN apt-get update && apt-get install -y bash curl devscripts equivs git +ENV GOPROXY="https://proxy.golang.org|direct" +ENV GOPATH="/go" +ENV GO111MODULE="off" +ENV PATH="$PATH:/usr/local/go/bin:$GOPATH/bin" +ENV DOCKER_BUILDTAGS apparmor seccomp selinux +ENV RUNC_BUILDTAGS apparmor seccomp selinux +ARG PKG_RELEASE +RUN < "debian/changelog" <<-EOF +docker-ce (${PKG_DEB_EPOCH}$([ -n "$PKG_DEB_EPOCH" ] && echo ":")${debVersion}-${PKG_DEB_REVISION}) $PKG_SUITE; urgency=low + * Version: $DOCKER_ENGINE_VERSION + -- $(awk -F ': ' '$1 == "Maintainer" { print $2; exit }' debian/control) $(date --rfc-2822) +EOF + xx-go --wrap + set -x + chmod -x debian/compat debian/control debian/docs + dpkg-buildpackage -us -uc + pkgoutput="/out/${PKG_DISTRO}/${PKG_SUITE}/$(xx-info arch)" + if [ -n "$(xx-info variant)" ]; then + pkgoutput="${pkgoutput}/$(xx-info variant)" + fi + mkdir -p "${pkgoutput}" + cp /root/docker* ${pkgoutput}/ +EOT + +FROM build-dummy AS builder-deb-darwin +FROM build-deb AS builder-deb-linux +FROM build-dummy AS builder-deb-windows +FROM builder-deb-${TARGETOS} AS builder-deb + +# rpm +FROM --platform=$BUILDPLATFORM ${PKG_BASE_IMAGE} AS build-base-rpm +COPY --from=xx / / +ENV GOPROXY="https://proxy.golang.org|direct" +ENV GOPATH="/go" +ENV GO111MODULE="off" +ENV PATH="$PATH:/usr/local/go/bin:$GOPATH/bin" +ENV DOCKER_BUILDTAGS seccomp selinux +ENV RUNC_BUILDTAGS seccomp selinux +ARG PKG_RELEASE +RUN < +Homepage: https://www.docker.com +Vcs-Browser: https://github.com/docker/docker +Vcs-Git: 
git://github.com/docker/docker.git +Standards-Version: 3.9.6 Build-Depends: bash, bash-completion, ca-certificates, @@ -20,10 +24,6 @@ Build-Depends: bash, libtool, make, pkg-config -Standards-Version: 3.9.6 -Homepage: https://www.docker.com -Vcs-Browser: https://github.com/docker/docker -Vcs-Git: git://github.com/docker/docker.git Package: docker-ce Architecture: linux-any @@ -59,30 +59,6 @@ Description: Docker: the open-source application container engine for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider. -Package: docker-ce-cli -Architecture: linux-any -Depends: ${shlibs:Depends} -# TODO change once we support scan-plugin on other architectures -Recommends: docker-scan-plugin [amd64] -Conflicts: docker (<< 1.5~), - docker-engine, - docker-engine-cs, - docker.io, - lxc-docker, - lxc-docker-virtual-package -Replaces: docker-ce (<< 5:0) -Breaks: docker-ce (<< 5:0) -Description: Docker CLI: the open-source application container engine - Docker is a product for you to build, ship and run any application as a - lightweight container - . - Docker containers are both hardware-agnostic and platform-agnostic. This means - they can run anywhere, from your laptop to the largest cloud compute instance and - everything in between - and they don't require you to use a particular - language, framework or packaging system. That makes them great building blocks - for deploying and scaling web apps, databases, and backend services without - depending on a particular stack or provider. - Package: docker-ce-rootless-extras Architecture: linux-any Depends: dbus-user-session, 
@@ -101,23 +77,3 @@ Description: Rootless support for Docker. This package contains RootlessKit, but does not contain VPNKit. Either VPNKit or slirp4netns (>= 0.4.0) needs to be installed separately. Homepage: https://docs.docker.com/engine/security/rootless/ - -Package: docker-compose-plugin -Priority: optional -Architecture: linux-any -Enhances: docker-ce-cli -Description: Docker Compose (V2) plugin for the Docker CLI. - . - This plugin provides the 'docker compose' subcommand. - . - The binary can also be run standalone as a direct replacement for - Docker Compose V1 ('docker-compose'). -Homepage: https://github.com/docker/compose - -Package: docker-scan-plugin -Priority: optional -# TODO change once we support scan-plugin on other architectures (see dpkg-architecture -L) -Architecture: linux-amd64 -Enhances: docker-ce-cli -Description: Docker scan cli plugin. -Homepage: https://github.com/docker/scan-cli-plugin diff --git a/pkg/docker-engine/deb/docs b/pkg/docker-engine/deb/docs index 1e89a492..073f189a 100644 --- a/pkg/docker-engine/deb/docs +++ b/pkg/docker-engine/deb/docs @@ -1 +1 @@ -cli/README.md +engine/README.md diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules index 3e35254a..39b58390 100755 --- a/pkg/docker-engine/deb/rules +++ b/pkg/docker-engine/deb/rules 
@@ -1,92 +1,32 @@ #!/usr/bin/make -f -VERSION ?= $(shell cat engine/VERSION) -TARGET_ARCH = $(shell dpkg-architecture -qDEB_TARGET_ARCH) - # force packages to be built with xz compression, as Ubuntu 21.10 and up use # zstd compression, which is non-standard, and breaks 'dpkg-sig --verify' override_dh_builddeb: dh_builddeb -- -Zxz override_dh_auto_build: - # Build the daemon and dependencies - cd engine && DOCKER_GITCOMMIT=$(ENGINE_GITCOMMIT) PRODUCT=docker ./hack/make.sh dynbinary - cd engine && TMP_GOPATH="/go" hack/dockerfile/install/install.sh tini - cd engine && TMP_GOPATH="/go" hack/dockerfile/install/install.sh proxy dynamic - cd engine && TMP_GOPATH="/go" hack/dockerfile/install/install.sh rootlesskit dynamic - # Build the CLI - cd /go/src/github.com/docker/cli && \ - LDFLAGS='' DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=$(VERSION) GITCOMMIT=$(CLI_GITCOMMIT) dynbinary manpages - - # Build the compose plugin - cd /go/src/github.com/docker/compose \ - && make VERSION=$(COMPOSE_VERSION) DESTDIR=/usr/libexec/docker/cli-plugins build - - # Build the scan-plugin - # TODO change once we support scan-plugin on other architectures - if [ "$(TARGET_ARCH)" = "amd64" ]; then \ - cd /go/src/github.com/docker/scan-cli-plugin \ - && PLATFORM_BINARY=docker-scan COMMIT=$(SCAN_GITCOMMIT) TAG_NAME=$(SCAN_VERSION) make native-build \ - && mkdir -p /usr/libexec/docker/cli-plugins/ \ - && mv bin/docker-scan /usr/libexec/docker/cli-plugins/; \ - fi - - # Build the CLI plugins - # Make sure to set LDFLAGS="" since, dpkg-buildflags sets it to some weird values - set -e;cd /sources && \ - tar xzf plugin-installers.tgz; \ - for installer in plugins/*.installer; do \ - LDFLAGS='' bash $${installer} build; \ - done + mkdir -p /go/src/github.com/docker + ln -snf $(CURDIR)/engine /go/src/github.com/docker/docker + cd /go/src/github.com/docker/docker && VERSION=$(DOCKER_ENGINE_VERSION) GITCOMMIT=$(DOCKER_ENGINE_REVISION) PRODUCT=docker ./hack/make.sh dynbinary + cd 
/go/src/github.com/docker/docker && TMP_GOPATH="/go" hack/dockerfile/install/install.sh tini + cd /go/src/github.com/docker/docker && TMP_GOPATH="/go" hack/dockerfile/install/install.sh proxy dynamic + cd /go/src/github.com/docker/docker && TMP_GOPATH="/go" hack/dockerfile/install/install.sh rootlesskit dynamic override_dh_auto_test: ver="$$(engine/bundles/dynbinary-daemon/dockerd --version)"; \ - test "$$ver" = "Docker version $(VERSION), build $(ENGINE_GITCOMMIT)" && echo "PASS: daemon version OK" || (echo "FAIL: daemon version ($$ver) did not match" && exit 1) - - ver="$$(cli/build/docker --version)"; \ - test "$$ver" = "Docker version $(VERSION), build $(CLI_GITCOMMIT)" && echo "PASS: cli version OK" || (echo "FAIL: cli version ($$ver) did not match" && exit 1) - - ver="$$(/usr/libexec/docker/cli-plugins/docker-compose docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $$1 == "Version" { print $$2 }')"; \ - test "$$ver" = "$(COMPOSE_VERSION)" && echo "PASS: docker-compose version OK" || (echo "FAIL: docker-compose version ($$ver) did not match" && exit 1) - - # FIXME: --version currently doesn't work as it makes a connection to the daemon, so using the plugin metadata instead - # TODO change once we support scan-plugin on other architectures - if [ "$(TARGET_ARCH)" = "amd64" ]; then \ - ver="$$(/usr/libexec/docker/cli-plugins/docker-scan docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $$1 == "Version" { print $$2 }')"; \ - test "$$ver" = "$(SCAN_VERSION)" && echo "PASS: docker-scan version OK" || (echo "FAIL: docker-scan version ($$ver) did not match" && exit 1); \ - fi + test "$$ver" = "Docker version $(DOCKER_ENGINE_VERSION), build $(DOCKER_ENGINE_REVISION)" && echo "PASS: daemon version OK" || (echo "FAIL: daemon version ($$ver) did not match" && exit 1) override_dh_strip: # Go has lots of problems with stripping, so just don't override_dh_auto_install: - # docker-ce-cli install - install -D -m 0644 
/go/src/github.com/docker/cli/contrib/completion/fish/docker.fish debian/docker-ce-cli/usr/share/fish/vendor_completions.d/docker.fish - install -D -m 0644 /go/src/github.com/docker/cli/contrib/completion/zsh/_docker debian/docker-ce-cli/usr/share/zsh/vendor-completions/_docker - install -D -m 0755 /go/src/github.com/docker/cli/build/docker debian/docker-ce-cli/usr/bin/docker - set -e;cd /sources && \ - tar xzf plugin-installers.tgz; \ - for installer in plugins/*.installer; do \ - DESTDIR=/root/build-deb/debian/docker-ce-cli \ - PREFIX=/usr/libexec/docker/cli-plugins \ - bash $${installer} install_plugin; \ - done - # docker-ce install - install -D -m 0644 /sources/docker.service debian/docker-ce/lib/systemd/system/docker.service - install -D -m 0644 /sources/docker.socket debian/docker-ce/lib/systemd/system/docker.socket + install -D -m 0644 /common/systemd/docker.service debian/docker-ce/lib/systemd/system/docker.service + install -D -m 0644 /common/systemd/docker.socket debian/docker-ce/lib/systemd/system/docker.socket install -D -m 0755 $(shell readlink -e engine/bundles/dynbinary-daemon/dockerd) debian/docker-ce/usr/bin/dockerd install -D -m 0755 /usr/local/bin/docker-proxy debian/docker-ce/usr/bin/docker-proxy install -D -m 0755 /usr/local/bin/docker-init debian/docker-ce/usr/bin/docker-init - # docker-compose-plugin install - install -D -m 0755 /usr/libexec/docker/cli-plugins/docker-compose debian/docker-compose-plugin/usr/libexec/docker/cli-plugins/docker-compose - - # docker-scan-plugin install - # TODO change once we support scan-plugin on other architectures - if [ "$(TARGET_ARCH)" = "amd64" ]; then \ - install -D -m 0755 /usr/libexec/docker/cli-plugins/docker-scan debian/docker-scan-plugin/usr/libexec/docker/cli-plugins/docker-scan; \ - fi - # docker-ce-rootless-extras install install -D -m 0755 /usr/local/bin/rootlesskit debian/docker-ce-rootless-extras/usr/bin/rootlesskit install -D -m 0755 /usr/local/bin/rootlesskit-docker-proxy 
debian/docker-ce-rootless-extras/usr/bin/rootlesskit-docker-proxy @@ -107,17 +47,7 @@ override_dh_install: dh_apparmor --profile-name=docker-ce -pdocker-ce override_dh_gencontrol: - # Use separate version for the compose-plugin package, then generate the other control files as usual - # TODO override "Source" field in control as well (to point to compose, as it doesn't match the package name) - dh_gencontrol -pdocker-compose-plugin -- -v$${COMPOSE_VERSION#v}~$${DISTRO}-$${SUITE} - - # Use separate version for the scan-plugin package, then generate the other control files as usual - # TODO override "Source" field in control as well (to point to scan-cli-plugin, as it doesn't match the package name) - # TODO change once we support scan-plugin on other architectures (see dpkg-architecture -L) - if [ "$(TARGET_ARCH)" = "amd64" ]; then \ - dh_gencontrol -pdocker-scan-plugin -- -v$${SCAN_VERSION#v}~$${DISTRO}-$${SUITE}; \ - fi dh_gencontrol --remaining-packages %: - dh $@ --with=bash-completion $(shell command -v dh_systemd_enable > /dev/null 2>&1 && echo --with=systemd) + dh $@ diff --git a/pkg/docker-engine/docker-bake.hcl b/pkg/docker-engine/docker-bake.hcl new file mode 100644 index 00000000..4dfba5fd --- /dev/null +++ b/pkg/docker-engine/docker-bake.hcl 
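Review bot: The daemon build in `override_dh_auto_build` now passes `GITCOMMIT=$(DOCKER_ENGINE_REVISION)` to `./hack/make.sh dynbinary`, whereas the removed line passed `DOCKER_GITCOMMIT=...` and the rpm spec in this same commit uses `DOCKER_GITCOMMIT=%{_commit}` for the same script. If `hack/make.sh` only honours `DOCKER_GITCOMMIT`, as the other two call sites suggest, the deb build would stamp a commit that is not the packaged revision, or fail outright if the tree has no `.git` (the source tarball is created with `--exclude .git`). I would keep the name used elsewhere: `VERSION=$(DOCKER_ENGINE_VERSION) DOCKER_GITCOMMIT=$(DOCKER_ENGINE_REVISION) PRODUCT=docker ./hack/make.sh dynbinary`. `override_dh_auto_test` would catch a mismatch in the version string, but only as a late build failure.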
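Review bot: Reducing the catch-all target to `dh $@` drops the conditional `--with=systemd` along with `--with=bash-completion`. Dropping bash-completion follows from the CLI moving out of this package, but the systemd add-on is what runs `dh_systemd_enable` under debhelper compat levels below 10. If `debian/compat` is still below 10, the `docker.service` and `docker.socket` files installed by `override_dh_auto_install` would ship without the maintainer-script snippets that enable them. Either keep `dh $@ $(shell command -v dh_systemd_enable > /dev/null 2>&1 && echo --with=systemd)` or raise the compat level in the same change. The compat file is not part of this hunk, so this needs checking.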
@@ -0,0 +1,161 @@ +// Copyright 2022 Docker Packaging authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +# Sets the docker engine repo. Will be used to clone the repo at +# DOCKER_ENGINE_VERSION ref to include the README.md and LICENSE for the +# static packages and also create version string. +variable "DOCKER_ENGINE_REPO" { + default = "https://github.com/docker/docker.git" +} + +# Sets the docker engine helpers version to build from source. +variable "DOCKER_ENGINE_VERSION" { + default = "v20.10.17" +} + +# Sets Go image, version and variant to use for building +variable "GO_IMAGE" { + default = "" +} +variable "GO_VERSION" { + default = "" +} +variable "GO_IMAGE_VARIANT" { + default = "" +} + +# Sets the pkg name. +variable "PKG_NAME" { + default = "docker-ce" +} + +# Sets the list of package types to build: apk, deb, rpm or static +variable "PKG_TYPE" { + default = "static" +} + +# Sets release flavor. See packages.hcl and packages.mk for more details. 
+variable "PKG_RELEASE" { + default = "static" +} +target "_pkg-static" { + args = { + PKG_RELEASE = "" + PKG_TYPE = "static" + } +} + +# Sets the vendor/maintainer name (only for linux packages) +variable "PKG_VENDOR" { + default = "Docker" +} + +# Sets the name of the company that produced the package (only for linux packages) +variable "PKG_PACKAGER" { + default = "Docker " +} + +# Include an extra `.0` in the version, in case we ever would have to re-build +# an already published release with a packaging-only change. +variable "PKG_DEB_REVISION" { + default = "0" +} + +# rpm "Release:" field ($rpmRelease) is used to set the "_release" macro, which +# is an incremental number for builds of the same release (Version: / #rpmVersion) +# - Version: 0 : Package was built, but no matching upstream release (e.g., can be used for "nightly" builds) +# - Version: 1 : Package was built for an upstream (pre)release version +# - Version: > 1 : Only to be used for packaging-only changes (new package built for a version for which a package was already built/released) +variable "PKG_RPM_RELEASE" { + default = "1" +} + +# Defines the output folder +variable "DESTDIR" { + default = "" +} +function "bindir" { + params = [defaultdir] + result = DESTDIR != "" ? DESTDIR : "./bin/${defaultdir}" +} + +# Defines cache scope for GitHub Actions cache exporter +variable "BUILD_CACHE_SCOPE" { + default = "" +} + +group "default" { + targets = ["pkg"] +} + +target "_common" { + inherits = ["_pkg-${PKG_RELEASE}"] + args = { + BUILDKIT_MULTI_PLATFORM = 1 + DOCKER_ENGINE_REPO = DOCKER_ENGINE_REPO + DOCKER_ENGINE_VERSION = DOCKER_ENGINE_VERSION + GO_IMAGE = GO_IMAGE + GO_VERSION = GO_VERSION + GO_IMAGE_VARIANT = GO_IMAGE_VARIANT + PKG_NAME = PKG_NAME + PKG_VENDOR = PKG_VENDOR + PKG_PACKAGER = PKG_PACKAGER + PKG_DEB_REVISION = PKG_DEB_REVISION + PKG_RPM_RELEASE = PKG_RPM_RELEASE + } + cache-from = [BUILD_CACHE_SCOPE != "" ? 
"type=gha,scope=${BUILD_CACHE_SCOPE}-${PKG_RELEASE}" : ""] + cache-to = [BUILD_CACHE_SCOPE != "" ? "type=gha,scope=${BUILD_CACHE_SCOPE}-${PKG_RELEASE}" : ""] +} + +target "_platforms" { + platforms = [ + "linux/amd64", + "linux/arm/v7", + "linux/arm64", + "linux/ppc64le", + "linux/s390x", + "windows/amd64" + ] +} + +# $ PKG_RELEASE=debian11 docker buildx bake pkg +# $ docker buildx bake --set *.platform=linux/amd64 --set *.output=./bin pkg +target "pkg" { + inherits = ["_common"] + target = "pkg" + output = [bindir(PKG_RELEASE)] +} + +# Same as pkg but for all supported platforms +target "pkg-cross" { + inherits = ["pkg", "_platforms"] +} + +# Special target: https://github.com/docker/metadata-action#bake-definition +target "meta-helper" { + tags = ["dockereng/packaging:docker-engine-local"] +} + +# Create release image by using ./bin folder as named context. Therefore +# pkg-cross target must be run before using this target: +# $ PKG_RELEASE=debian11 docker buildx bake pkg-cross +# $ docker buildx bake release --push --set *.tags=docker/packaging:docker-engine-v20.10.17 +target "release" { + inherits = ["meta-helper", "_platforms"] + dockerfile = "../../common/release.Dockerfile" + target = "release" + contexts = { + bin-folder = "./bin" + } +} diff --git a/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec b/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec index ed268846..8ef78d16 100644 --- a/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec +++ b/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec 
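Review bot: The comment above `variable "DOCKER_ENGINE_VERSION"` reads "Sets the docker engine helpers version to build from source", which looks carried over from another package's bake file. Something like `# Sets the docker engine version (git ref) to build from source.` would match what the variable does. The `v20.10.17` default is also repeated from common/vars.mk, so the two can drift when only one is bumped. A one-line comment saying which value takes precedence (presumably the Makefile export) would help whoever updates the pin.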
@@ -35,11 +35,9 @@ Either VPNKit or slirp4netns (>= 0.4.0) needs to be installed separately. %setup -q -c -n src -a 0 %build - -export DOCKER_GITCOMMIT=%{_gitcommit_engine} mkdir -p /go/src/github.com/docker -ln -s ${RPM_BUILD_DIR}/src/engine /go/src/github.com/docker/docker -TMP_GOPATH="/go" ${RPM_BUILD_DIR}/src/engine/hack/dockerfile/install/install.sh rootlesskit dynamic +ln -snf ${RPM_BUILD_DIR}/src/engine /go/src/github.com/docker/docker +TMP_GOPATH="/go" GITCOMMIT=%{_commit} ${RPM_BUILD_DIR}/src/engine/hack/dockerfile/install/install.sh rootlesskit dynamic %check /usr/local/bin/rootlesskit -v diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index f7591f69..28904262 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec @@ -55,13 +55,11 @@ BuildRequires: systemd-devel BuildRequires: tar BuildRequires: which -# conflicting packages Conflicts: docker Conflicts: docker-io Conflicts: docker-engine-cs Conflicts: docker-ee -# Obsolete packages Obsoletes: docker-ce-selinux Obsoletes: docker-engine-selinux Obsoletes: docker-engine 
@@ -81,35 +79,28 @@ depending on a particular stack or provider. %setup -q -c -n src -a 0 %build - -export DOCKER_GITCOMMIT=%{_gitcommit_engine} mkdir -p /go/src/github.com/docker -ln -s ${RPM_BUILD_DIR}/src/engine /go/src/github.com/docker/docker - -pushd ${RPM_BUILD_DIR}/src/engine -for component in tini "proxy dynamic";do - TMP_GOPATH="/go" hack/dockerfile/install/install.sh $component -done -VERSION=%{_origversion} PRODUCT=docker hack/make.sh dynbinary +rm -f /go/src/github.com/docker/docker +ln -snf ${RPM_BUILD_DIR}/src/engine /go/src/github.com/docker/docker +pushd /go/src/github.com/docker/docker +TMP_GOPATH="/go" hack/dockerfile/install/install.sh tini +TMP_GOPATH="/go" hack/dockerfile/install/install.sh proxy dynamic +VERSION=%{_origversion} DOCKER_GITCOMMIT=%{_commit} PRODUCT=docker hack/make.sh dynbinary popd %check ver="$(engine/bundles/dynbinary-daemon/dockerd --version)"; \ - test "$ver" = "Docker version %{_origversion}, build %{_gitcommit_engine}" && echo "PASS: daemon version OK" || (echo "FAIL: daemon version ($ver) did not match" && exit 1) + test "$ver" = "Docker version %{_origversion}, build %{_commit}" && echo "PASS: daemon version OK" || (echo "FAIL: daemon version ($ver) did not match" && exit 1) %install -# install daemon binary +# install binaries install -D -p -m 0755 $(readlink -f engine/bundles/dynbinary-daemon/dockerd) ${RPM_BUILD_ROOT}%{_bindir}/dockerd - -# install proxy install -D -p -m 0755 /usr/local/bin/docker-proxy ${RPM_BUILD_ROOT}%{_bindir}/docker-proxy - -# install tini -install -D -p -m 755 /usr/local/bin/docker-init ${RPM_BUILD_ROOT}%{_bindir}/docker-init +install -D -p -m 0755 /usr/local/bin/docker-init ${RPM_BUILD_ROOT}%{_bindir}/docker-init # install systemd scripts -install -D -m 0644 ${RPM_SOURCE_DIR}/docker.service ${RPM_BUILD_ROOT}%{_unitdir}/docker.service -install -D -m 0644 ${RPM_SOURCE_DIR}/docker.socket ${RPM_BUILD_ROOT}%{_unitdir}/docker.socket +install -D -m 0644 engine/contrib/init/systemd/docker.service 
${RPM_BUILD_ROOT}%{_unitdir}/docker.service +install -D -m 0644 engine/contrib/init/systemd/docker.socket ${RPM_BUILD_ROOT}%{_unitdir}/docker.socket %files %{_bindir}/dockerd From 5780b9846ce095d6e09abe9a79515ee6f4c2976d Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Mon, 5 Sep 2022 19:15:59 +0200 Subject: [PATCH 126/126] docker-engine: fix broken libsystemd-dev and libdevmapper-dev pkgs on ubuntu 1804 Signed-off-by: CrazyMax --- pkg/docker-engine/Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkg/docker-engine/Dockerfile b/pkg/docker-engine/Dockerfile index e5d0b9c2..7c374ea6 100644 --- a/pkg/docker-engine/Dockerfile +++ b/pkg/docker-engine/Dockerfile @@ -81,6 +81,10 @@ ENV RUNC_BUILDTAGS apparmor seccomp selinux ARG PKG_RELEASE RUN <
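Review bot: `%install` now takes `docker.service` and `docker.socket` from `engine/contrib/init/systemd/`, whereas deb/rules in this same commit installs them from `/common/systemd/`, so the rpm and deb packages can ship different unit files for the same daemon. Before this change each format read them from its packaging sources (`${RPM_SOURCE_DIR}` here, `/sources` in deb/rules). Since the unit and socket files carry the daemon's service and socket settings, I would install from one location in both formats, e.g. `install -D -m 0644 /common/systemd/docker.service ${RPM_BUILD_ROOT}%{_unitdir}/docker.service`, and the same for `docker.socket`. That assumes `/common` is available in the rpm build stage, which is not visible here.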